2 Replies Latest reply on Jun 9, 2008 2:36 PM by ggiavelli

struggling to integrate strong security in ESB

ggiavelli Jun 6, 2008 2:43 PM

Jboss ESB currently does not have a very strong security model. We are trying to integrate some strong security which will work with a BPM orchestration including

SSL
signed headers
SAML assertions
encryption
a federation of SAML assertion validator services/identity mgmt

However, since the security must be tied to both endpoints to be secure, it means that when the BPM processor runs and it calls a web service endpoint, it itself must be using and supporting ws-se security and the above.

Is there an injection point to intercept and perform security with jboss ESB. Will it work with BPEL orchestration. Is there a way to set up SSL calls with signed headers. whats the best way to do secure encryption support for xml message bodies.

a handful of questions I worry the answer is "not until next release" but if people have any specifics or ideas I would welcome them. Thanks!

1. Re: struggling to integrate strong security in ESB

anil.saldhana Jun 9, 2008 2:16 PM (in response to ggiavelli)

I do not know the specifics of JBoss ESB as I do not deal with that project directly. But from your description, what you really need for the SAML/Federation et.al is some layer that integrates with OpenSAML2.x
Actions
2. Re: struggling to integrate strong security in ESB

ggiavelli Jun 9, 2008 2:36 PM (in response to ggiavelli)

"anil.saldhana@jboss.com" wrote:
I do not know the specifics of JBoss ESB as I do not deal with that project directly. But from your description, what you really need for the SAML/Federation et.al is some layer that integrates with OpenSAML2.x

I think the issue is that the BPEL orchestration engine, which typically is servlet calling web-services or other endpoints, is not WS-SE compliant yet in JBOSS or ESB. So you cant securely pass SAML headers in midst of a BPEL process. But I could be wrong.
Actions

Go to original post