SecuritySimplification

PROBLEM

SOLUTION

  • Simplify the generated config file, because currently e.g. 1MB file is generated for service with 80 operations

COMPARISON TABLE

The table compares number of lines of generated config files for service with 1 operation and a service with 80 operations for both solution 1, solution 2 and current state. Each number is linked to the actual config file.

Solution / NumberOfOperations 1 operation 80 operations
Current State 189 4765
Solution 1 189 1289
Solution 2 138 138


DESCRIPTION OF CURRENT STATE AND DIFFERENT IMPLEMENTATIONS OF THE SOLUTION

Current state

Generate Signature/Encryption policies per each Input/Output/Fault element. See comparison table for specific config files.

Pros

  • Leaving it as is doesn't require testing
  • No unclear UI rendering as described for Solution 1

Cons

  • Slow, big config files
  • Size depends on # of operations
  • Need to track changes to already secured service while editing
  • if there's an operation added - need to add policy to it's input/output/fault
  • if there's an operation removed - need to remove the policy

Solution 1

Generate Signature/Encryption policies to Binding level. See comparison table for specific config files.

Pros

  • Not expected to break MS Interop

Cons

  • Generated config file is still big (see comparison table), generation still not fast,
  • Size depends on # of operations
  • Not clear how to render the UI if
  • there's only one operation
  • there's another operation added to already secured service - which default to use?
  • Need to track changes to already secured service while editing
  • if there's an operation added - need to add policy to it's input/output/fault
  • if there's an operation removed - need to remove the policy


Solution 2

Generate Signature/Encryption policies and reference them from each operation. See comparison table for specific config files.

Pros

  • Best performance, smallest and simples config files
  • Size doesn't does not depend on number of operations
  • No unclear behaviour
  • No need to track operation adding/editing as described above

Cons

  • Needs more testing, might break MS interop
Not logged in. Log in, Register

By use of this website, you agree to the NetBeans Policies and Terms of Use. © 2012, Oracle Corporation and/or its affiliates. Sponsored by Oracle logo