wss4j is still beta software, but I suggest that you start your work using it rather than trying to write your own module from scratch.
If you aren't willing to use beta software in production, then I suggest that you consider using one or more of the following commercial products: - a commercial web services platform (WSP) that provides native support for WS-Security, such as Microsoft .NET/WSE, IBM WebSphere, BEA WebLogic, Oracle 10g, Systinet Server, etc. - a third party software-based web services management (WSM) product, such as Actional, AmberPoint, Blue Titan, Oblix, SOA Software, etc. - a third party hardware-based WSM product, such as DataPower, Forum Systems, Layer 7, Reactivity, Sarvega, etc. All these products support XML encryption and signature, use WS-Security SOAP headers, and follow the WS-Security processing model. You would use a WSP in place of Axis. The WSM products can work with Axis. The hardware based solutions provide the advantage of XML processing acceleration, and many of them also provide PKI key management. Anne On 4/16/05, James Black <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Anne Thomas Manes wrote: > > Your package should work according to the processing model defined in > > the OASIS WS-Security 2004 standard. wss4j > > (http://ws.apache.org/ws-fx/wss4j/) implements WS-Security (and > > supports wsu:Id). > > Looking at the website, it appears that wss4j may not be ready for > production use, which can be a problem for webservices that need > encryption, but are in production. > > - -- > Corruptisima republica plurimae leges. [The more corrupt a republic, the > more laws.] > Tacitus from Annals III, 116AD > Blogs: http://jamesruminations.blogspot.com > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.0 (MingW32) > > iD8DBQFCYci4J/zyYkX46joRAvl2AJ9XXr/CVYGOcAp6baXbZMrYExuklgCfcYJJ > 3vOc8dUvIyw0JhjPG6XxzSg= > =wiOB > -----END PGP SIGNATURE----- >
