r any company that wants to go
with WS-Security? As Dims pointed out that WSS4J has not signed anything, are
users of the software implementing WS-Security illegally?
Anyone have any thoughts, ideas?
Thanks,
Sharam
From: Tony Opatha [mailto:[EMAIL PROTECTED]
Sent
Tony,
Apache has not signed anything with anyone.
Thanks,
dims
On Fri, 3 Dec 2004 13:45:33 -0800 (PST), Tony Opatha <[EMAIL PROTECTED]> wrote:
>
>
> Hi,
>
> It seems that WS Security requires licensing arrangements from Microsoft,
> Verisign,
> and IBM based
Hi,
It seems that WS Security requires licensing arrangements from Microsoft, Verisign,
and IBM based on OASIS WS Security TC IPR statement
http://www.oasis-open.org/committees/wss/ipr.php
So, can someone please clarify:
1) if the users who to develop and deploy AXIS clients (using WS
http://ws.apache.org/ws-fx/wss4j/
On Mon, 29 Nov 2004 15:34:58 -0800, Lyndon Tiu <[EMAIL PROTECTED]> wrote:
> Hello,
>
> Has anyone here used WS-Security on Axis?
>
> Thanks.
>
> --
> Lyndon Tiu
>
--
Davanum Srinivas - http://webservices.apache.org/~dims/
Hello,
Has anyone here used WS-Security on Axis?
Thanks.
--
Lyndon Tiu
After reading some previous posts, using WSS4J with Axis 1.2
seems like the current method for incorporation WS-Security. However, I can’t
seem to find an answer regarding how close to production-ready is WSS4J? It
seems like it is not? If that’s true, then for a production system there
is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Friday 05 November 2004 19:11, Yves Langisch wrote:
> Ilias,
>
> you also need the activation.jar and mail.jar which you can find at
> sun's site.
>
> Yves
thank's, it was just a classpath temporary problem...
i got always the same error.
Ciao,
ith tomcat 4 and java1.4...
everything went smooth.
Now i'm tring WS-Security from CVS with axis 1.2RC1 and tomcat 5 and java 1.5
but i'm unable to deploy example3 from user guide...
error:
- --
- - Unable to find required classes (javax.activation.DataHandler and
javax.mail.in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
i'm a master student from university of Bologna, some week ago i tried the
examples in the documentation of axis 1.1 with tomcat 4 and java1.4...
everything went smooth.
Now i'm tring WS-Security from CVS with axis 1.2RC1 and to
Jim - I think you had the right idea...Thanks.
-Original Message-
From: Jim Murphy [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 15, 2004 2:56 PM
To: [EMAIL PROTECTED]
Subject: Re: WS-Security
Is it in the servlet container's class path or the webapp classpath? I
belie
Is it in the servlet container's class path or the webapp classpath? I
believe it must be reachable by the webapp classloader - which does not
delegate to a "higher level" class loader.
Jim Murphy
Mindreef, Inc.
Greg Michalopoulos wrote:
Could be a real dumb question but...
Using apache wss4j,
Could be a real dumb question but...
Using apache wss4j, and trying to use a custom password callback class.
Thing is, if I don't add the custom password callback class to the wss4j jar
file, I get a java.lang.NoClassDefFound exception - even if the custom class
is in the class path of the servlet
Hi.,
I'm using axis toll for creating
webservice.I have created few samples and its working well.
Now i'm planning to implement the security like ws
security,xml security,digital signature and authentication like
that.
Is anyone can give me some idea to implement this.I
am ju
I expect that https will give you better performance than ws-security,
but even if you're only using http, the functionality is not the same.
https gives you point-to-point message security, but it does not
effectively support end-to-end security, e.g., strong authentication,
authorizatio
Anyone knows which has better performance, ws
security or https? Our application run under http, so it’s the same for us have ws security under soap or
https.
thanks
http://ws.apache.org/ws-fx/wss4j/
--- Mei Wu <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am developing a message level security framework in which secrete key is
> included. I am a bit confused about how to create a ds:KeyInfo for such a
> secrete key, since if I follow
wrong?
thanks
Mei
> Hi,
>
> I am developing a message level security framework in which secrete key is
> included. I am a bit confused about how to create a ds:KeyInfo for such a
> secrete key, since if I follow WS-Security to create:
>
>
>
>
>
Hi,
I am developing a message level security framework in which secrete key is
included. I am a bit confused about how to create a ds:KeyInfo for such a
secrete key, since if I follow WS-Security to create:
only, it will give me an AxisFault : "Didn't
Hi,
We are trying to use Apache's xml security (http://xml.apache.org/security/)
for signing and BSafe for encryption (or BouncyCastl
http://www.bouncycastle.org/ ) then, build SOAP message conforming to
WS-Security format...
I found this article was helpful for me
(http://www.devx.com/sec
http://ws.apache.org/ws-fx/wss4j/
--- Maciek Zywno <[EMAIL PROTECTED]> wrote:
> Hello
>
> I would like to use ws-security standard to secure my webservice. My
> question is whether I would have to implement ws-security:
> - on my own by using axis handlers that use some
Hello
I would like to use ws-security standard to secure my webservice. My
question is whether I would have to implement ws-security:
- on my own by using axis handlers that use some external api ?
- or does axis support ws-security out of the box?
- or there is some apache ws-security library
--Original Message-
> From: Davanum Srinivas [mailto:[EMAIL PROTECTED]
> Sent: Mon 09/02/2004 20:33
> To: [EMAIL PROTECTED]
> Cc:
> Subject: Re: Will Axis ever support WS-Security
>
>
Thanks
-Original Message-
From: Davanum Srinivas [mailto:[EMAIL PROTECTED]
Sent: Mon 09/02/2004 20:33
To: [EMAIL PROTECTED]
Cc:
Subject: Re: Will Axis ever support WS-Security
The idea is to get wss4j as part of http://ws.apache.org/ws-fx/ soon.
thanks,
dims
--- [EMAIL PROTECTED] wrote:
> Dims,
>
>
> Does WSS4J count as part of Apache Axis ? I'm trying to pull together a report
> for very senior
> managers about WS-Security, a
Dims,
Does WSS4J count as part of Apache Axis ? I'm trying to pull together a report
for very senior managers about WS-Security, and when we should start using it. Part of
this will be a section on the implementations.
We're all familiar with Axis, so shou
Yes, see CVS at http://wss4j.sf.net/. When the spec is final the code will be ready
too :)
-- dims
--- [EMAIL PROTECTED] wrote:
> and if so when ?
>
> Thanks
>
> Dave
> UK
>
=
Davanum Srinivas - http://webservices.apache.org/~dims/
and if so when ?
Thanks
Dave
UK
:
10.01.2004 19:11Thema:RE: question regarding
WSDL and WS-Security
Bitte antworten an
later uses this framework to define the policy related to WS-Security.
Thomas
-Original Message-
From: Ricky Ho [mailto:[EMAIL PROTECTED]
Sent: Friday, January 09, 2004 5:00 PM
To: [EMAIL PROTECTED]
Subject: Re: question regarding WSDL and WS-Security
Here is what I'm thinking ...
<[EMAIL PROTECTED]> wrote:
> There is a nice separation between application
> processing and
> infrastructure processing. WSDL describes the
> former and WS-Policy
> describe the later.
>
> If you are writing application code, you shouldn't
> care about W
me to the correct forum if you know
> where
> >I should post this question.
> >
> >As far as I know, currently there is no extension
> in
> >WSDL for WS-Security. In other words, looking at a
> >WSDL there is no way to figure out if the service
> >expects secur
There is a nice separation between application processing and
infrastructure processing. WSDL describes the former and WS-Policy
describe the later.
If you are writing application code, you shouldn't care about WS-Policy
(and WS-Security), you only care about WSDL. The under
Please point me to the correct forum if you know where
I should post this question.
As far as I know, currently there is no extension in
WSDL for WS-Security. In other words, looking at a
WSDL there is no way to figure out if the service
expects security information as specified in
WS-Security
e, Peter H." <[EMAIL PROTECTED]> wrote:
> I am interested in hearing more about WS-Security support in Axis. What is
> the future of WSS4J?
>
> I've been asked to modify an existing Axis-based web service client to
> access a service where WS-Security is required. I'
I am interested in hearing more about WS-Security support in Axis. What is
the future of WSS4J?
I've been asked to modify an existing Axis-based web service client to
access a service where WS-Security is required. I'm trying to get a sense of
what options exist now, and what might ex
I know it but it's over ssl and therefore i use tomcat.
I try to made up two different authoritation method: one with jaas-tomcat real
and one with ssl+axis basi auth.
Thanks,
Aloha
-> Hi Rudi,
->
-> What we have done is implement Axis/JAX-RPC client and server side
-> handlers. The client side
Hi Rudi,
What we have done is implement Axis/JAX-RPC client and server side
handlers. The client side handler attaches a credential in the HTTP
header ("Authorization" heaer), and the server side handler
authenticates it, and makes the user id available in both the 1)
MessageContext in Authe
See http://sf.net/projects/wss4j/ for WS-Security Java Impl based on Axis, you will
need to access
the cvs directly. there are samples though.
-- dims
--- "Rudi Verago [vlain]" <[EMAIL PROTECTED]> wrote:
> I need user/call authentication in a swing application.
> Beginnig
I need user/call authentication in a swing application.
Beginnig I want to use SAML and SSO but opensaml implementation has no documentation
and samples, then I try
XACML but nothing; same thing for xml security at Apache: without sample it's hard.
Axis auth methods aren't safe.
Now I try to imple
If you help implement this we can do this quickly :) No formal plans yet
--- Tony Opatha <[EMAIL PROTECTED]> wrote:
> 1) Any plans to develop a SAML token as an enhancement to current WS-Security
> implementation?
>
> 2) Any idea when the currently available WS-Secu
1) Any plans to develop a SAML token as an enhancement to current WS-Security
implementation?
2) Any idea when the currently available WS-Security PasswordToken support
will beome part of an official AXIS 1.x release?
Thanks Davanum Srinivas <[EMAIL PROTECTED]> wrote:
FYI.--- D
FYI.
--- Davanum Srinivas <[EMAIL PROTECTED]> wrote:
> Date: Tue, 14 Oct 2003 05:14:15 -0700 (PDT)
> From: Davanum Srinivas <[EMAIL PROTECTED]>
> Subject: WSS4J - WS-Security Implementation (was Re: axis-wsse)
> To: [EMAIL PROTECTED]
>
> Filippo, Pankaj, Team,
&
--- Michael, Michelle wrote:
> Regarding these items listed in the AXIS requirements list:
>
> - 130b Support SOAP-level security [High]
> - 132 Support for existing security SOAP-level standards
>
> Are there plans to support the OASIS WS-Security specification?
> If so, in
Regarding these items listed in the AXIS requirements list:
- 130b Support SOAP-level security [High]
- 132 Support for existing security SOAP-level standards
Are there plans to support the OASIS WS-Security specification?
If so, in what AXIS version and timeframe?
Michelle Michael
Siemens
PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: WS-Security UsernameToken code
Hi,
As promised here is the code which adds WS-Security UsernameToken header
to the request and also does authentication on the service side. Unzip
the attachment and it creates a directory called simple. Copy
PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: WS-Security UsernameToken code
Hi,
As promised here is the code which adds WS-Security UsernameToken header
to the request and also does authentication on the service side. Unzip
the attachment and it creates a directory called simple. Copy
Hi,
As promised here is the code which adds WS-Security UsernameToken header
to the request and also does authentication on the service side. Unzip
the attachment and it creates a directory called simple. Copy this
directory into your server's webapps\axis\WEB-INF\classes directory. Go
th
: Davanum Srinivas [mailto:[EMAIL PROTECTED]
Sent: Friday, July 25, 2003 5:43 PM
To: [EMAIL PROTECTED]
Subject: Re: WS-Security
Interested in using it? or implement it? :)
--- "Pathak, Sanjesh" <[EMAIL PROTECTED]> wrote:
> Dims,
>
> What is the status on WS-Security module/pro
Interested in using it? or implement it? :)
--- "Pathak, Sanjesh" <[EMAIL PROTECTED]> wrote:
> Dims,
>
> What is the status on WS-Security module/project that you were trying to set up? I
> am really
> interested
Dims,
What is the status on WS-Security module/project that you were trying to set up? I am
really interested in that.
Thanks,
Sanjesh
**
This e-mail is the property of Enron Corp. and/or its relevant affiliate and may
Anne,
:) :) :) Waz trying to keep a lid on it, till we get things moving here. :) :) :)
-- dims
--- Anne Thomas Manes <[EMAIL PROTECTED]> wrote:
> According to this article [1], Verisign provides an open soure WS-Security
> kit at SourceForge. And they also provide a toolkit ca
According to this article [1], Verisign provides an open soure WS-Security
kit at SourceForge. And they also provide a toolkit called TSIK [2] that
supplies XML Enc and XML Sig.
I found two projects at SourceForge
- wss4j [3] which is build on Axis (ahhh - that's dims)
- mod-ws-security [4]
JAR-file(s) I need for WS-Security ?
> I want to sign and encrypt, so I need also XML DigSig and XML Encryption,
> right ?
>
> I 've seen the package Apache XML Security with empty logs. ;-(
> I also have seen huge tutorials and no jars at IBM,
>
> But is somewher
HI all,
I am looking for JAR-file(s) I need for WS-Security ?
I want to sign and encrypt, so I need also XML DigSig and XML Encryption,
right ?
I 've seen the package Apache XML Security with empty logs. ;-(
I also have seen huge tutorials and no jars at IBM,
But is somewhere a WS-Sec
Title: RE: [RE: Authorization using WS security and SAML]
> is the WSTK for free or is it an
eval copy?
According to the WSTK pages (which you should check out
yourself, for license restrictions etc and for any recent changes), the answer
is "yes" it is a free eval, fo
Title: RE: [RE: Authorization using WS security and SAML]
i've just tried downloading the toolkit a few minutes ago. [one heavy
download it is! so the process is still on!]
since it's a dissertation i'm working on, i may have some issues with it
being a trial version. is th
IBM WSTK. It's based on Axis.
> -Original Message-
> From: Nisha Menon [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 20, 2003 8:28 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [RE: Authorization using WS security and SAML]
>
>
> Hi Mitch,
> Any lu
Hi Mitch,
Any luck on information regarding java implementation of WS-Security? An
implementation with Axis?
Regards,
Nisha
-Original Message-
From: Mitch Gitman [mailto:[EMAIL PROTECTED]
Sent: Monday, March 17, 2003 10:11 PM
To: [EMAIL PROTECTED]
Subject: Re: [RE: Authorization using
Title: RE: Authorization using WS security and SAML
You
should define your security header in the WSDL , but you still
need a business agreement regarding what mechanisms to use.
-Original Message-From: Nisha Menon
[mailto:[EMAIL PROTECTED]Sent: Wednesday, March 19, 2003 12:03
Title: RE: Authorization using WS security and SAML
is security information ever a part of WSDL? i mean when one application
wants to interact with another through a webservice, is it a business agreement
to follow a particular authentication/authorization mechanism/ scheme or is it
defined
Title: RE: Authorization using WS security and SAML
Nisha,
As I mentioned below, when
using WS-Security, you must write a header processor (an Axis handler) that
takes the SAML token and maps it to a principal, and then use JAAS to check
authorization.
I'm assuming that your Web servi
Title: RE: Authorization using WS security and SAML
thanks so much for all that information anne.. helps me to a great extent
to have your input!
but what would the required components be if i were to start
implementing a webservices authentication module (considering ofcourse that i
Title: Re: [RE: Authorization using WS security and SAML]
TSIK1.7 claims to have WS-Security support. Look at samplesoap
example.
Not
sure if it would work with Axis. Also, TSIK is not opensource (doesn't include
source code).
/Pankaj.
-Original Message-From: Nisha
Title: Re: [RE: Authorization using WS security and SAML]
oh yes! would anyone know of an implementation that can be used with
axis?
would be dandy to get my hands on that code! :-)
-Original Message- From: Mitch Gitman
[mailto:[EMAIL PROTECTED] Sent: Mon 3/17/2003 10:11 PM
Ricky Ho asked:
> Can I use SAML for just Authorization Authority ?
Yes. You need to send your authorization authority certain information so
that it can make a decision: some authentication information and some
information that identifies the resource being accessed. Although I suspect
that most
ilto:[EMAIL PROTECTED]
> Sent: Monday, March 17, 2003 10:26 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Authorization using WS security and SAML
>
>
> Hi Anne,
>
> You touch on some interesting points. I agree that one can implement
> authentication or authorization
One of the primary reasons why you might want to use SAML is to support
single sign-on. But if you don't have a SAML authentication authority, then
you probably don't want to use SAML.
Can I use SAML for just Authorization Authority ?
But you don't need to use either SAML or
I believe that IBM WSTK supports WS-Security. see
http://www.alphaworks.ibm.com/tech/webservicestoolkit
> -Original Message-
> From: Mitch Gitman [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 17, 2003 11:41 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [RE: Authorization us
Is anyone aware of a Java implementation of WS-Security? Furthermore, is
anyone aware of an implementation that can be used with Axis? I would guess
IBM has one since they have been a leader on the spec, but I don't know. The
only WS-Security API I'm aware of comes with Microsoft'
al Message-
From: Anne Thomas Manes [mailto:[EMAIL PROTECTED]
Sent: Monday, March 17, 2003 9:00 AM
To: [EMAIL PROTECTED]
Subject: RE: Authorization using WS security and SAML
SAML provides a standard XML format to express and exchange security
assertions. Assertions come in three flavors: auth
protocols (SOAP messages) that you use to get these assertions.
One of the primary reasons why you might want to use SAML is to support
single sign-on. But if you don't have a SAML authentication authority, then
you probably don't want to use SAML.
In WS-Security speak, a SAML assertion
rnal mappers (what are mappers?? Look up DBs??)
This is the basic requirement. The hassle is, I'm new to webservices and
I was wondering what standards, protocols and APIs I need to work with
and where they'd fit in.
As far as I see it, (that may not be seeing much)
WS-Security and S
rnal mappers (what are mappers?? Look up DBs??)
This is the basic requirement. The hassle is, I'm new to webservices and
I was wondering what standards, protocols and APIs I need to work with
and where they'd fit in.
As far as I see it, (that may not be seeing much)
WS-Security and S
rnal mappers (what are mappers?? Look up DBs??)
This is the basic requirement. The hassle is, I'm new to webservices and
I was wondering what standards, protocols and APIs I need to work with
and where they'd fit in.
As far as I see it, (that may not be seeing much)
WS-Security and S
I haven't closely track the OASIS activity. They are supposed to
standardize how to put a SAML assertion inside a WS-Security header.
JAAS is a Java API for doing authentication and authorization. Compare API
with protocol is like oranges and apples.
Rgds, Ricky
At 09:23 AM 3/17/2003
Ricky,
Being new to all of this, it's been great help so far already!
I've been trying to evaluate the available standards to see what I need
to work with on this module. And from what I've been reading over the
last month or so, I'd narrowed down to SAML and WS-Security on
that is
independant of the application and to authorize i've chosen to use WS-Security and
SAML.would
anyone on this list be familiar with similar implementation? or have any references
for the
same?also, how does XACML compare to SAML? thank you, nisha >
**
trying to create an authorization module for web services that is
independant of the application and to authorize i've chosen to use
WS-Security and SAML.
would anyone on this list be familiar with similar implementation? or have
any references for the same?
also, how d
Title: Webservice design
hi,
i am trying to create an authorization module for web services that is
independant of the application and to authorize i've chosen to use WS-Security
and SAML.
would anyone on this list be familiar with similar implementation? or
have any references fo
I believe that IBM WSTK provides a preliminary implementation of WS-Security
on Axis.
Anne
> -Original Message-
> From: Joshua Gramlich [mailto:[EMAIL PROTECTED]]
> Sent: Friday, December 13, 2002 10:38 AM
> To: [EMAIL PROTECTED]
> Subject: Re: WS-Security and Globus
>
Yeah, that's pretty much what I'm looking for. That paper you
referenced...well, that's pretty much how I found out about WS-Security. I
found it a few days ago and was hoping that someone had done a cursory
implementation.
I may end up having to try to extend Axis, but I'
Hi,
You say you are using Globus, is that standard Toolkit, either v1 or v2. Globus 3 is
actually called Open Grid Services Architecture (OGSA) and is built on web services.
What is more OGSA has a proposed security architecture based on WS-Security. You can
read it at:
http://www.globus.org
e
current application. I found out about WS-Security on IBM's developerworks
site and thought it might be useful.
I don't suppose anyone has used Globus and WS-Security together yet? Any
code samples pehaps?
Joshua Gramlich
Chicago, IL
IBMs Web Services Toolkit (
http://www.alphaworks.ibm.com/tech/webservicestoolkit ) includes Axis
handlers for WS-security. I guess its part of Web-Sphere now too.
no sources are available. but I heard that there are some IP issues
with WS-Security. maybe thats why IBM did not submit it to
start talking.
Axis can always use more developers/committers.
--
Tom Jordahl
Macromedia Server Development
-Original Message-
From: Darren Marvin [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 09, 2002 11:13 AM
To: [EMAIL PROTECTED]
Subject: FW: WS-security
Hi,
I have also written (as
-Security but is not inconsistent. We have used
HTTPS to provide a secure channel but are interested in using XML Encryption instead
with a view to adopting WS-Security and later OGSA Grid Security Specifications. I
would be interested in helping out with any extensions to Axis, although some
> This is a great idea. Maybe I can help too. I just wrote
>some handlers that can digitally sign/verify messages. The truth is that
>they contain project-specific code, but this can be removed.
>I'm using apache-xml-security framework but the handlers
>support WS-S
Hi,
This is a great idea. Maybe I can help too. I just wrote
some handlers that can digitally sign/verify messages. The truth is that
they contain project-specific code, but this can be removed.
I'm using apache-xml-security framework but the handlers
support WS-Security and WSS
Great!
Please subscribe to axis-dev and keep us posted on your status.
--
Tom Jordahl
Macromedia Server Development
-Original Message-
From: Joachim (PROGS) [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 09, 2002 10:17 AM
To: [EMAIL PROTECTED]
Subject: Re: WS-security
> No.
> No. Not yet.
> Are you interested in volunteering? :-)
If it hasn't been done yet, then I probably am.
> IBM has publicly shown interoperability with Microsoft using WS-Security,
and I am *guessing* that they used Axis and IBM written handlers to do it.
But no one from IBM has s
No. Not yet.
Are you interested in volunteering? :-)
IBM has publicly shown interoperability with Microsoft using WS-Security, and I am
*guessing* that they used Axis and IBM written handlers to do it. But no one from IBM
has stepped forward to offer this code to the Apache project (hint
Does Axis support WS-security or are there any plans developments for
support?
Thanks for the help,
Joachim
Is there a way I can set the credential (WS-Security) in AXIS beta2?
I am looking at the Call for API to set it .. but I am not clear?
"http://www.w3.org/2001/12/soap-envelope"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext">
...
93 matches
Mail list logo