[mashup-dev] [jira] Commented: (MASHUP-650) Use WS-Security instead
of https for mashup sharing
Jonathan Marsh (JIRA)
jira at wso2.org
Mon Mar 31 10:30:46 PDT 2008
[ https://wso2.org/jira/browse/MASHUP-650?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16115#action_16115 ]
Jonathan Marsh commented on MASHUP-650:
---------------------------------------
If there is no way to us WS-Security without a certificate (surely there must be something we can do here), and we all know getting a valid certificate is complex, then we we should consider the draconian option of dropping the requirement that publishing a mashup be a secure operation. The current state simply isn't tenable in an enterprise Mashup Server deployment.
Surely there are some secure P2P applications out there that don't require valid certs on each end?
> Use WS-Security instead of https for mashup sharing
> ---------------------------------------------------
>
> Key: MASHUP-650
> URL: https://wso2.org/jira/browse/MASHUP-650
> Project: WSO2 Mashup Server
> Issue Type: New Feature
> Reporter: Jonathan Marsh
> Assignee: Tyrell Perera
> Fix For: 1.1
>
>
> Currently to share the dest machine needs a valid cert to enable https communication. Since we own both ends of the communication, can't we use WS-Security over http to protect the un/pw being sent along with the mashup zip?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://wso2.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the Mashup-dev
mailing list