Saturday, February 22, 2014

WSO2 ESB Performance Round 7.5


Sometime ago, there was performance blog saying that some of the performance stats published on WSO2 ESB are incorrect and flawed. So, WSO2 ESB team has carried out some investigations on these and published the latest performance test results based on their latest release WSO2 ESB 4.8.1.

The latest round of performance testing results published by WSO2: WSO2 ESB Performance Round 7.5

The following table and graph show the summary results of the performance test. This graph takes the average across all message sizes.




The tests has been conducted against number of leading open source ESB's and it is proven that WSO2 ESB ahead in almost all the scenarios.

You can download the latest WSO2 ESB 4.8.1 at WSO2 Enterprise Service Bus

The user guide and the documentation can be found at WSO2ESB Documentation

Saturday, February 8, 2014

Securing your Web Service with OAuth2 using WSO2 IS


Introduction


Web applications sometimes need access to certain user information in another web service. In such a case how do you get your app authorized, on behalf of user, against that web service? Years ago this problem was solved by user giving their credentials to web application and then the web application uses them to authenticate itself against the web service. But, in user’s perspective, giving away their credentials to another web application to log in as himself, is not a good story, because with user credentials, web application gets the full control of user account until user changes their password. People needed a solution for this, and they came up with a variety of solutions such as Google AuthSub, AOL OpenAuth, Yahoo BBAuth, Upcoming api, Flickr api, Amazon Web Services api [1] etc. But there were a lot of differences between each of them, and so people needed a standard for this. This is where OAuth came into play.

What is OAuth?


OAuth is an open protocol which enables an application to access certain user information or resource from another web service, without giving user credential for the web service to the web application. For example, a user needs to allow a third party application to change his twitter profile picture. When OAuth is used for authorization, it allows 3rd party application to change user’s profile picture after user authorize it to do so without giving credentials directly to the web application.