Yes, it is always recommended to use policy based configuration. If you need help in building the security policy suited to your scenarios, please do raise questions in the list and devs on the list may be able to help you.

thanks,
nandana

On Mon, Jul 14, 2008 at 11:26 PM, Roxanne Yee <[EMAIL PROTECTED]> wrote:

> So is it recommended (and more beginner friendly) that WSS is implemented
> with the policy handler rather than the parameter handler?
>
> Thanks
>
> => RY
>
> -----Original Message-----
> From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
> Sent: Fri 7/11/2008 6:39 PM
> To: [email protected]
> Subject: Re: Newbie Question: Rampart 1.1 versus Rampart 1.0 and WS-Security
>
> Yes, to some extent. Anyway these two configurations ( policy / parameters )
> are handled by two different handlers. So what it means is that features in
> one configuration will not be the same as the other configuration. Currently
> developments mainly happen in the policy based configuration handlers, so
> the new features will be available only through policy based configuration.
> But if you are sticking to a simple scenario and the clients are aware of
> the security requirements, then I think the two configurations won't make
> much of a difference in that case.
>
> thanks,
> nandana
>
> On Sat, Jul 12, 2008 at 2:04 AM, Roxanne Yee <[EMAIL PROTECTED]> wrote:
>
> > Is my thinking correct?
> >
> > -----Original Message-----
> > From: Roxanne Yee [mailto:[EMAIL PROTECTED]
> > Sent: Wed 7/9/2008 7:14 AM
> > To: [email protected]
> > Subject: RE: Newbie Question: Rampart 1.1 versus Rampart 1.0 and WS-Security
> >
> > Just to verify that I understand this correctly; The security policy is
> > only needed if the client does not know what security headers/parameters
> > the service is expecting. The security policy is implemented on the
> > server side and the client gets the "format of security" from the server
> > through a public security policy.
> >
> > However, if somehow the client already knows the requirements it must
> > add to the SOAP message, then there is no need for a security policy, and
> > it can already directly bind itself to the web service.
> >
> > P.S. Mind you that I still have a fuzzy idea of what "binding" fully
> > implies.
> >
> > -----Original Message-----
> > From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
> > Sent: Tue 7/8/2008 6:18 PM
> > To: [email protected]
> > Subject: Re: Newbie Question: Rampart 1.1 versus Rampart 1.0 and WS-Security
> >
> > Hi Roxanne,
> > I may not be able to answer all your questions this time, but I will
> > try to answer as much as possible. See my comments in line.
> >
> > > I'm not quite sure how these two versions fit together. Does 1.1 enhance
> > > 1.0? Are they two different ways of accomplishing the same tasks?
> >
> > 1.1 enhances 1.0. And their versions are tightly related to Axis2 versions.
> > For example, Rampart 1.3 is tested with Axis2 1.3 and Rampart 1.4 is tested
> > with Axis2 1.4. You can't use Rampart 1.4 with Axis2 1.3 due to API changes
> > in Axis2. So it is better to use the Rampart version which corresponds to
> > your Axis2 version.
> >
> > > For example...
> > >
> > > Looking at the Configuration tags at
> > > http://ws.apache.org/rampart/rampartconfig-guide.html , I would greatly
> > > appreciate to have an example explaining what each tag does and every
> > > possibility that can be used in a tag. The table seems incomplete.
> > >
> > > <encryptionCypto>
> > > ....crypto element ......[What are all the possibilities that can be placed here?]
> > > .........................[What will happen if I just put in a random word?]
> > > </encryptionCypto>
> >
> > An example crypto element can be found in the signatureCrypto description. Same
> > structure applies to encryptionCrypto and decryptionCrypto elements.
> >
> > > If I wanted basic WSS, could I ignore creating a Policy completely?
> >
> > Depends on your usage. For example, if you use parameter based
> > configuration, your WSDL will not be annotated with policy. So your clients
> > need to have an out-of-band knowledge of the service's security
> > requirements.
> >
> > > P.S. This might sound stupid, but what is the difference between a user and
> > > an encryption user?
> >
> > User is used to provide the username or private key alias.
> > Encryption user is used to provide the key alias of the certificate which
> > should be used for encryption.
> >
> > thanks,
> > nandana
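
The elements discussed in the thread, shown as an added example that is not part of any message above and not copied from the Rampart guide: a client-side `RampartConfig` policy assertion with `user` next to `encryptionUser`, and a Merlin `crypto` element in each crypto slot. The aliases, keystore file names, passwords and the callback class name are placeholders chosen for illustration.

```xml
<!-- Added example: client-side RampartConfig assertion (policy based configuration). -->
<!-- All aliases, file names, passwords and the callback class are placeholders. -->
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">

  <!-- user: the sender's own identity, here the alias of the client's private key
       used for signing (or the username when a UsernameToken is sent) -->
  <ramp:user>client-key-alias</ramp:user>

  <!-- encryptionUser: alias of the recipient's certificate in the keystore;
       its public key is used to encrypt the outgoing message -->
  <ramp:encryptionUser>service-cert-alias</ramp:encryptionUser>

  <!-- Callback that supplies the private key password at runtime, so the key
       password itself does not sit in this file (hypothetical class name) -->
  <ramp:passwordCallbackClass>com.example.security.PasswordCallbackHandler</ramp:passwordCallbackClass>

  <!-- The crypto element names a WSS4J Crypto provider and the properties that
       provider reads. Merlin loads keys and certificates from a Java keystore. -->
  <ramp:signatureCrypto>
    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
      <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
      <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
      <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">CHANGE_ME</ramp:property>
    </ramp:crypto>
  </ramp:signatureCrypto>

  <!-- Same structure as signatureCrypto. The element name is spelled
       "encryptionCypto" here, as it is in the question quoted above. -->
  <ramp:encryptionCypto>
    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
      <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
      <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
      <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">CHANGE_ME</ramp:property>
    </ramp:crypto>
  </ramp:encryptionCypto>

</ramp:RampartConfig>
```

The keystore password in this file is readable by anyone who can read the policy, so the file should carry the same access restrictions as the keystore it points to.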
