There are 2 fundamental choices:
1. Secure the message at the SOAP layer
2. Secure the channel at the protocol layer
WS-Security is for #1. It means you can perform security related
functions like authentication, signing and privacy(encryption) entirely
by manipulating the XML messages. This
Hi Suzy,
You would need the support of Basic Authentication in
your webservice.
Please refer to following links to get the information on
how to enable basic authentication in AXIS.
http://www.mail-archive.com/[EMAIL PROTECTED]/msg04657.html
http://www-106.ibm.com/developerworks/webse
OASIS Web Services Security: SOAP Message Security (aka WSS or WS-Security).
See http://www.oasis-open.org/specs/index.php#wssv1.0.
Dims is working on an implementation of WSS for Axis. See
http://ws.apache.org/ws-fx/wss4j/. (He's a little busy working on the Axis
1.2 bug list, but I'm sure he'l
OASIS Web Services Security: SOAP Message Security (aka WSS or WS-Security).
See http://www.oasis-open.org/specs/index.php#wssv1.0.
Dims is working on an implementation of WSS for Axis. See
http://ws.apache.org/ws-fx/wss4j/. (He's a little busy working on the Axis
1.2 bug list, but I'm sure he'l
Hi Zoltan,
You can also consider not handling the certificate yourself. When you deploy
Axis on a webserver, you can ask the webserver to authenticate using client
certificates for the axis web application. Depending on whether the default
behavior works for you, this can turn out to be the easiest
at's because we
need that level of security in our deployment environment.
Food for thought.
-Jon
-Original Message-
From: Davanum Srinivas [mailto:[EMAIL PROTECTED]
Sent: Monday, March 15, 2004 10:37 PM
To: [EMAIL PROTECTED]
Subject: Re: Web Service Security - what's t
http://ws.apache.org/ws-fx/wss4j/
--- [EMAIL PROTECTED] wrote:
> Hi people,
>
> I am considering two different ways of using Certificate based authentication of a
> client
> connecting to our Web Service:
>
> 1. Certificate is contained in the HTTPS request. I intercept the Request in my Web
>