Thank you Vikas, I use JBoss AS for testing rith now but we're planning to use weblogic later. We're just testing so by now I haven't try to use security login ... I'll also keep you updated (and everybody on the mailing list !!) Carl _____ De : rules-users-bounces(a)lists.jboss.org [mailto:rules-users-bounces@lists.jboss.org] De la part de Vikas Phonsa Envoyé : mercredi 21 mai 2008 12:08 À : Rules Users List Objet : RE: [rules-users] https package url Carl, I have the exact same concern. I posted a similar question several days ago but didn't get any replies. Have you deployed BRMS behind SSL? I haven't so far, so can't say if the RulesAgent can use https URLs. Also, have you been able to enable security? Which app server are you using? If security is enabled and BRMS login is password protected, how would the RulesAgent be able to consume packages from the URLs without using a username/password? I'll keep you posted if I discover anything in this regard. Thanks, Vikas _____ From: rules-users-bounces(a)lists.jboss.org [mailto:rules-users-bounces@lists.jboss.org] On Behalf Of Cabou, Carl Sent: Wednesday, May 21, 2008 8:49 AM To: Rules Users List Subject: [rules-users] https package url Hi all, I use the Business Rules Server to deploy rules packages and I use the URL feature to consume them. It works fine but I am concern about security in rules requests. I've seen in the documentation that we can use SSL for BRMS login security but what about url requests to rules packages ?? Regards, Carl This email and/or any files or attachments transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this e-mail and/or any files or attachments transmitted with it is strictly forbidden. If you have received this email in error, please delete the e-mail and/or any files or attachments, and also notify the system manager (PostMaster(a)mercuryinsurance.com) of the error. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email and/or any files or attachments transmitted with it.