Friday, August 8, 2008

Cape Clear ESB (Workday) Assemblies Context Options

One client I am assisting is using the Cape Clear ESB and its Assembly functionality. Assemblies provide mediation support via a Spring bean configuration file that is generated by graphical drag/drop tools. Because the Assembly Service is stateless and the project we were working on required some context sharing, we had to open up the covers and learn about org.springframework.context.ApplicationContext and org.springframework.beans.factory.InitializingBean. A single bean with a scope of singleton was developed to provide context for all instances of the assembly; when the assembly was loaded, this information was initialized in the bean's afterPropertiesSet() method. Anything held in that singleton is visible to every message that flows through the ESB, so it should carry deployment-wide configuration only.

Within each instance of the assembly, Cape Clear provides another context, com.capeclear.mediation.MediationContext, which exposes setProperty() and getProperty() methods. This gives simple per-instance storage of variables. Values that belong to a single message exchange belong here rather than in the shared singleton, so that one consumer's data never leaks into another consumer's request.
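The following is an added example, not code from the original post or from Cape Clear, of the shared singleton described in the two paragraphs above. The class name, the endpointRegistryUrl property, and the bean id are hypothetical; what it shows is the pattern: a singleton-scoped bean that validates its injected properties in afterPropertiesSet(), builds its shared state once, and then exposes it read-only so every assembly instance sees the same immutable map. Per-message values are deliberately kept out of it and left to the MediationContext.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;

/**
 * Hypothetical shared-context bean (example code, not Cape Clear's).
 * Declared once with scope="singleton", so every assembly instance
 * receives the same object. Because it is shared by all messages on
 * the ESB, it holds deployment-wide configuration only; anything that
 * belongs to one request goes into the per-instance MediationContext.
 */
public class AssemblyContextBean implements InitializingBean, ApplicationContextAware {

    private ApplicationContext applicationContext;

    // Injected by Spring from the assembly's bean definition (hypothetical property).
    private String endpointRegistryUrl;

    // Published once in afterPropertiesSet() and never written again.
    // volatile + unmodifiable map means readers need no locking.
    private volatile Map<String, String> sharedConfig = Collections.emptyMap();

    public void setApplicationContext(ApplicationContext ctx) {
        this.applicationContext = ctx;
    }

    public void setEndpointRegistryUrl(String endpointRegistryUrl) {
        this.endpointRegistryUrl = endpointRegistryUrl;
    }

    /**
     * Called by Spring after all properties are injected. Fail fast on a
     * misconfigured deployment rather than letting a half-initialized
     * singleton serve traffic.
     */
    public void afterPropertiesSet() throws Exception {
        if (endpointRegistryUrl == null || endpointRegistryUrl.trim().length() == 0) {
            throw new IllegalStateException("endpointRegistryUrl must be configured");
        }
        if (applicationContext == null) {
            throw new IllegalStateException("ApplicationContext was not injected");
        }

        Map<String, String> config = new HashMap<String, String>();
        config.put("endpointRegistryUrl", endpointRegistryUrl.trim());
        // Example of information taken from the ApplicationContext itself.
        config.put("applicationContextId", applicationContext.getDisplayName());
        config.put("beanDefinitionCount",
                   String.valueOf(applicationContext.getBeanDefinitionCount()));

        // Single publication of an immutable view: assembly instances can
        // read concurrently, and nothing can mutate the shared state later.
        sharedConfig = Collections.unmodifiableMap(config);
    }

    /** Read-only accessor used by the assembly instances. */
    public String getSharedValue(String key) {
        return sharedConfig.get(key);
    }

    /*
     * Corresponding bean definition in the generated Spring configuration
     * (hypothetical id and value). scope="singleton" is Spring's default,
     * but stating it makes the sharing explicit to whoever reads the file:
     *
     *   <bean id="assemblyContext" class="AssemblyContextBean" scope="singleton">
     *       <property name="endpointRegistryUrl" value="http://registry.example.internal/"/>
     *   </bean>
     */
}
```

The design choice worth noting is that the bean is write-once: there is no setter on the shared map after initialization, so the singleton cannot become an accidental channel for request-scoped data. If a future requirement does need mutable shared state, it should be a java.util.concurrent collection and every value placed in it should be reviewed for whether it is safe for all consumers of the ESB to see.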

XACML: An option for authorization

I am currently taking the next step in security development, learning about XACML from www.oasis-open.org. In the scenario I am working on with the client, their Identity Management Solution will act as the Policy Authoring Point, whereas the ESB we have deployed will act as both Policy Enforcement Point and Policy Decision Point. Because we have a clustered ESB, a decision we are mulling over is whether to have a central/shared directory for XACML policies, with each ESB node evaluating them locally, or to use the XACML Request/Response support to query a remote PDP for each decision. Our concern is the latency of the latter, especially in a high-volume environment, and we are currently steering towards a shared directory. This will allow each ESB to take a portion of the load and keep the processing local. The trade-off is that the shared directory becomes the authoritative source of authorization policy, so write access to it must be restricted to the Policy Authoring Point and the nodes must pick up policy changes consistently.

As part of a SOA solution we will be using Service Agents or Intermediaries to support authentication (SAML) and authorization (XACML). The ESB provides out-of-the-box interceptors for both and only requires that the Service Consumer be able to interact with the SAML Provider.