Streaming-WebServices-Security-Framework inclusion into WSS4J

Hello All Back in january i wrote an email (http://mail-archives.apache.org/mod_mbox/incubator-general/201101.mbox/%3c2011011149.17e83...@mgi.gigerstyle.ch%3E) to the incubator mailing list to discuss the inclusion of swssf as a new incubator project. The feedback was positive but the people

Re: Streaming-WebServices-Security-Framework inclusion into WSS4J

: - In which format do you expect the source? tar? svn dump? Access to my repo? ...? - Is anything else to do from my side (separating, ...), aside re-licensing under the apache license? - Whom should I send the (of course re-licensed) code? Do you have some more questions? Kind regards Marc

Re: Streaming-WebServices-Security-Framework inclusion into WSS4J

Hi Dan, Hi Colm, On Fri, 19 Aug 2011 14:58:04 -0400 Daniel Kulp wrote: > > Yep. From a quick look, there is definitely a bit of work to do with > it. Obviously separating out the CXF and non-CXF parts would also be > a requirement and moving the CXF specific stuff to CXF. (so we don't > end u

Re: Streaming-WebServices-Security-Framework inclusion into WSS4J

> > Colm. > > On Thu, Aug 18, 2011 at 8:06 PM, Marc Giger wrote: > > Hi Colm, > > > > On Thu, 18 Aug 2011 15:18:02 +0100 > > Colm O hEigeartaigh wrote: > > > >> Hi Marc, > >> > >> > So what do you think? Are you intereste

Re: Streaming-WebServices-Security-Framework inclusion into WSS4J

s Marc > > > Dan > > > On Tuesday, August 23, 2011 12:50:20 PM Daniel Kulp wrote: > > On Sunday, August 21, 2011 9:41:42 PM Marc Giger wrote: > > > > There are a few other things to think about with it as well like > > > > interactions wit

Re: Grant for streaming stuff...

Hi Dan, On Thu, 25 Aug 2011 11:19:09 -0400 Daniel Kulp wrote: > Marc, > > The grant hasn't yet been filed which, I think, is the last blocker > for calling the votes. Has this been sent into secretary@ yet? Yes, I sent it on August 23. Got no answer so far. Thank you, Kind regards Marc

Where to discuss security relevant topics in apache ws-projects?

Dear devs, Where to discuss security relevant topics in apache ws-projects? Kind regards Marc -- Lesson 1: Cryptographic protocols should not be developed by a committee. -- Niels Ferguson and Bruce Schneier -- - To unsubscr

Re: Streaming-WebServices-Security-Framework inclusion into WSS4J

y explanations helps a bit to understand swssf. I will be glad to answer further questions you may have. Kind regards Marc > > Thanks in advance. > > > > AmilaJ > > On Wed, Aug 24, 2011 at 2:05 AM, Daniel Kulp wrote: > > On Tuesday, August 23, 2011 9:01:27 PM Marc Giger

Re: Where to discuss security relevant topics in apache ws-projects?

In any case, I think > CXF/Rampart/etc folk with an interest in security keep an eye on this > list. Ok, and what's about potential security holes? Should they be discussed publicly? Thanks again! Kind regards Marc > > Colm. > > On Thu, Aug 25, 2011 at 4:47 PM, Marc Gi

Streaming-WebService-Security-Framework next steps

Hi Colm et al., Because it seems it will be just a matter of time until swssf is getting into the main repo of the ASF I want to ask you what needs to be done to get it into the WSS4J trunk? Colm, you mentioned that swssf could go in the WSS4J 2.0 release. Where does the development of WSS4J taki

Re: Streaming-WebService-Security-Framework next steps

On Mon, 12 Sep 2011 14:59:37 -0400 Daniel Kulp wrote: > On Monday, September 12, 2011 6:01:46 PM Marc Giger wrote: > > Hi Colm et al., > > > > Because it seems it will be just a matter of time until swssf is > > getting into the main repo of the ASF > > Alrea

Re: Streaming-WebService-Security-Framework next steps

be stay in WSS4J. In my eyes it makes only sense if it is usable within santuario for XML-Security processing. No? But give me some time to consider... Marc > > Colm. > > On Mon, Sep 12, 2011 at 7:59 PM, Daniel Kulp wrote: > > On Monday, September 12, 2011 6:01:46 PM

Re: Streaming-WebService-Security-Framework next steps

Hi Amila, On Wed, 14 Sep 2011 21:52:48 +0530 Amila Jayasekara wrote: > > > > That may make sense.  Updating to Neethi 3, removing the Axiom > > stuff (would be a requirement for use with CXF), etc... is also a > > big step.   We'd likely need to look at the CXF policy model and > > double check

Re: Streaming-WebService-Security-Framework next steps

On Wed, 14 Sep 2011 16:03:56 -0400 Daniel Kulp wrote: > On Wednesday, September 14, 2011 2:33:00 PM Daniel Kulp wrote: > > If we go DOM, we can likely copy most of the Policy model and builders > > straight out of CXF since they have been updated for Neethi 3 already. I > > think the base abstr

Re: PROPOSAL to merge Rampart, CXF, swssf AssertionBuilder and Assertion classes

mpart/PolicyBasedResultsValidator.java M modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java M modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java M pom.xml On Thu, 10 Nov 2011 20:02:48 +0100 Marc Giger wrote: >

Re: PROPOSAL to merge Rampart, CXF, swssf AssertionBuilder and Assertion classes

S minus some special things like Transport binding. Perhaps my explanation above will help to find the best way to go. It's just a matter of minutes to move the rampart-policy module to WSS4J because it has no deps to other rampart code. Thanks Marc > > Colm. > > On Tue, N

Re: [VOTE] XmlSchema 2.0.2 Take 2

Hi Dan, Please have a look at https://issues.apache.org/jira/browse/XMLSCHEMA-7. I've attached a patch to the issue which solves the long outstanding bug. It would be really cool if it could be included in the release. Thanks, Marc On Fri, 06 Apr 2012 21:13:23 -0400 Daniel Kulp wrote: > > O

Re: [VOTE] XmlSchema 2.0.2 Take 3

> of the patch for XMLSCHEMA-7 from Marc Giger. > > > Release notes: > http://svn.apache.org/repos/asf/webservices/xmlschema/tags/xmlschema-2.0.2/RELEASE- > NOTE.txt > > The Maven staging repository is at: > https://repository.apache.org/content/repositories/orgapach

Re: WSS4J trunk

On Thu, 16 Aug 2012 10:08:56 +0100 Colm O hEigeartaigh wrote: > WSS4J 2.0 will support streaming WS-Security as well as the existing DOM > based implementation. This will allow a web service to implement > WS-Security with a low memory footprint, albeit with a slight performance > tradeoff. ...a

Re: WSS4J trunk

On Fri, 7 Sep 2012 08:46:46 +0200 Andreas Veithen wrote: > On Thu, Aug 16, 2012 at 4:54 PM, Marc Giger wrote: > > On Thu, 16 Aug 2012 10:08:56 +0100 > > Colm O hEigeartaigh wrote: > > > >> WSS4J 2.0 will support streaming WS-Security as well as the existing DOM &

Re: svn commit: r1418741 - /webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java

Hi Colm, Done: https://issues.apache.org/jira/browse/CXF-4688 Marc On Mon, 10 Dec 2012 09:45:31 + Colm O hEigeartaigh wrote: > Hi Marc, > > Could you raise this in CXF? > > Colm. > > On Sat, Dec 8, 2012 at 7:56 PM, wrote: > > > Author: giger > > Date: Sat Dec 8 19:56:10 2012 > > N

Re: svn commit: r1418741 - /webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java

Hi Dan, I can confirm that CXF 2.6.3 and 2.6.4-SNAPSHOT (20121206) works as expected. Sorry that I did not try out newer versions before reporting the issue... Many thanks, Marc On Mon, 10 Dec 2012 09:12:26 -0500 Daniel Kulp wrote: > > Barring some major issue discovered in the next couple

Re: WSS4J and WS-Security SwA profile

Hi Nathan, A prototype for WSS4J is already done by me and sent out to discuss. At the moment it's not clear whether and when we will see support for WSS-SwA in WSS4J. Other from that upstream project like Axis/Rampart have to be adapted. Thanks, Marc On Tue, 5 Mar 2013 17:42:25 +1100 Nathan

Re: WSS4J and WS-Security SwA profile

Hi Nathan, On Wed, 6 Mar 2013 11:18:04 +1100 Nathan Clement wrote: > Hi Marc, > > Thanks for your reply. I'm only a recent subscriber to this list, so > I haven't seen any discussion about WSS4J and SwA. I searched the > mail archive and JIRA but couldn't see anything. Is your prototype > pu

Re: WSS4J and WS-Security SwA profile

Hi Dan, On Wed, 6 Mar 2013 16:50:09 -0500 Daniel Kulp wrote: > > I'm waiting for feedback from the devs how we will > > proceed (we are busy with WSS4J 2.0). So I can't say more at the > > moment. > > Can I suggest just creating a quick "swa" branch in the repo and > committing it? Or at leas

Re: [VOTE] - Release Apache WSS4J 1.6.11

+1 Thanks, Marc On Tue, 9 Jul 2013 16:42:36 +0100 Colm O hEigeartaigh wrote: > This is a vote to release Apache WSS4J 1.6.11. It only contains a > couple of fixes since 1.6.10, but more importantly it contains > several dependency upgrades, such as XML Security for Java 1.5.5. > > Release no

Re: [VOTE] - Release Apache WSS4J 2.0-beta

+1 Marc On Wed, 30 Oct 2013 11:34:08 + Colm O hEigeartaigh wrote: > Following the release of Apache XML Security for Java 2.0.0-beta, I'd > like to release a beta version of Apache WSS4J 2.0. The intention is > to provide a stable release for testing the new streaming > functionality. >

Re: [VOTE] - Release Apache WSS4J 1.6.13

+1 Thanks, Marc On Wed, 13 Nov 2013 15:17:28 + Colm O hEigeartaigh wrote: > Release notes: > > https://issues.apache.org/jira/browse/WSS/fixforversion/12324993 > > Tag: > > http://svn.apache.org/viewvc/webservices/wss4j/tags/1_6_13/ > > Maven artifacts: > > https://repository.apache

Re: [VOTE] - Release Apache WSS4J 2.0.0-rc1

+1 Thanks, Marc On Mon, 3 Feb 2014 11:09:08 + Colm O hEigeartaigh wrote: > This is a vote to release Apache WSS4J 2.0.0-rc1. This is the last > planned beta/rc release before 2.0.0. > > Maven artifacts: > > https://repository.apache.org/content/repositories/orgapachews-1002/ > > Svn tag

Re: [VOTE - take II] - Release Apache WSS4J 1.6.15

+1 Thanks, Marc On Wed, 2 Apr 2014 16:50:10 +0100 Colm O hEigeartaigh wrote: > This is a vote to release Apache WSS4J 1.6.15. The issues fixed are > here: > > https://issues.apache.org/jira/browse/WSS/fixforversion/12325875 > > The svn tag is: > > http://svn.apache.org/viewvc/webservices/

Re: [VOTE] - Release Apache WSS4J 2.0.0

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 +1 Thanks, Marc On Fri, 2 May 2014 12:18:19 +0100 Colm O hEigeartaigh wrote: > This is a vote to release Apache WSS4J 2.0.0. The issues fixed are: > > https://issues.apache.org/jira/browse/WSS/fixforversion/12320155 > > The maven artifacts are

Re: [VOTE] - Release Apache WSS4J 1.6.16

+1 Thanks, Marc On Wed, 2 Jul 2014 18:16:07 +0100 Colm O hEigeartaigh wrote: > This is a vote to release Apache WSS4J 1.6.16. This release consists > of an Apache Santuario upgrade, some Kerberos interoperability fixes, > as well as a few other fixes. The issues fixed are here: > > https://

Re: [VOTE] - Release Apache WSS4J 2.0.1 (take III)

+1 Thanks, Marc On Fri, 4 Jul 2014 11:44:59 +0100 Colm O hEigeartaigh wrote: > This is a vote to release Apache WSS4J 2.0.1. The new release upgrades > Apache Santuario, fixes some caching problems, and improves Kerberos > interoperability: > > https://issues.apache.org/jira/browse/WSS/fixf

Re: [VOTE] XmlSchema 2.2.0

+1 Thanks, Marc On Wed, 24 Sep 2014 16:39:14 -0400 Daniel Kulp wrote: > This is a vote to release XmlSchema 2.2.0. This version fixes a > couple bugs as well as introduces the new “walker” module for walking > the schema and doing simple validation against it. > > Jira issues: > https://is

Re: [VOTE] - Release Apache WSS4J 2.0.2

+1 Thanks, Marc On Fri, 26 Sep 2014 17:54:28 +0100 Colm O hEigeartaigh wrote: > This is a vote to release Apache WSS4J 2.0.2. It contains some fixes > in relation to SAML processing, a Locale fix, as well as dependency > upgrades for Santuario + BouncyCastle, the latter of which fixes some >

Re: [VOTE] - Release Apache WSS4J 1.6.17

+1 Thanks, Marc On Fri, 26 Sep 2014 17:56:34 +0100 Colm O hEigeartaigh wrote: > This is a vote to release Apache WSS4J 1.6.17. It contains some fixes > in relation to SAML processing, a Locale fix, as well as dependency > upgrades for Santuario + BouncyCastle, the latter of which fixes some >

Re: [VOTE] - Apache WSS4J 1.6.17 distribution

+1 Marc On Mon, 6 Oct 2014 09:26:51 +0100 Colm O hEigeartaigh wrote: > Hi all, > > Unfortunately I screwed up the WSS4J 1.6.17 distribution + so I am > calling another vote on it. I forgot to update the version from > "wss4j-1.6.16" to "wss4j-1.6.17", and so all of the filenames have > the wr

Re: [VOTE] XmlSchema 2.2.1

+1 Thanks, Marc On Wed, 28 Jan 2015 16:31:06 -0500 Daniel Kulp wrote: > This is a vote to release XmlSchema 2.2.1. This is just a patch > release that fixes a single bug that a CXF user has reported: > https://issues.apache.org/jira/browse/XMLSCHEMA-39 > > Staging area: > https://reposito

Re: [VOTE] - Release Apache WSS4J 1.6.18

+1 Thanks, Marc On Tue, 3 Feb 2015 14:43:02 + Colm O hEigeartaigh wrote: > This is a vote to release Apache WSS4J 1.6.18. > > Issued fixed: > > https://issues.apache.org/jira/browse/WSS/fixforversion/12328782 > > Maven artifacts: > > https://repository.apache.org/content/repositories

Re: [VOTE] - Release Apache WSS4J 2.0.3

+1 Thanks, Marc On Tue, 3 Feb 2015 14:40:47 + Colm O hEigeartaigh wrote: > This a vote to release Apache WSS4J 2.0.3. > > Issues fixed: > > https://issues.apache.org/jira/browse/WSS/fixforversion/12328783 > > Maven artifacts: > > https://repository.apache.org/content/repositories/org

Re: [VOTE] - Release Apache WSS4J 2.1.0

+1 Thanks, Marc On Wed, 22 Apr 2015 15:27:37 +0100 Colm O hEigeartaigh wrote: > This is a vote to release Apache WSS4J 2.1.0, a new major release of > the project. The main changes are a minimum requirement of JDK 1.7, > update to use OpenSAML 3, as well as some refactoring to make the > ret

Re: [VOTE] - Release Apache WSS4J 2.0.4

+1 Thanks, Marc On Wed, 22 Apr 2015 18:04:06 +0100 Colm O hEigeartaigh wrote: > This is a vote to release Apache WSS4J 2.0.4. > > Issued fixed: > > https://issues.apache.org/jira/browse/WSS/fixforversion/12329395 > > SVN tag: > > http://svn.apache.org/repos/asf/webservices/wss4j/tags/wss

Re: [VOTE] - Release Apache WSS4J 2.1.1

+1 Marc On Fri, 29 May 2015 18:42:57 +0100 Colm O hEigeartaigh wrote: > This is a vote to release Apache WSS4J 2.1.1. This release fixes an > important bug in 2.1.0, which prevents signing or validating a signed > SAML token in an OSGi container. > > Issues fixed: > > https://issues.apache.

Re: [VOTE] - Release Apache WSS4J 2.0.5 - take II

+1 Thanks, Marc On Tue, 14 Jul 2015 17:30:38 +0100 Colm O hEigeartaigh wrote: > This is a vote to release Apache WSS4J 2.0.5. > > Release artifacts: > https://repository.apache.org/content/repositories/orgapachews-1025/ > > SVN tag: > https://svn.apache.org/repos/asf/webservices/wss4j/tag

Re: [VOTE] - Release Apache WSS4J 2.1.2 - take II

+1 Thanks, Marc On Tue, 14 Jul 2015 17:16:19 +0100 Colm O hEigeartaigh wrote: > This is a vote to release Apache WSS4J 2.1.2. > > Release artifacts: > https://repository.apache.org/content/repositories/orgapachews-1024/ > > SVN tag: > https://svn.apache.org/repos/asf/webservices/wss4j/tag

Re: [VOTE] - Release Apache WSS4J 2.1.5

+1 Thanks, Marc On Wed, 16 Mar 2016 16:09:43 + Colm O hEigeartaigh wrote: > This is a vote to release Apache WSS4J 2.1.5. > > Issues fixed: > > https://issues.apache.org/jira/browse/WSS/fixforversion/12333985 > > SVN tag: > > https://svn.apache.org/repos/asf/webservices/wss4j/tags/ws

Re: [VOTE] - Release Apache WSS4J 2.0.7

+1 Thanks, Marc On Wed, 16 Mar 2016 16:10:56 + Colm O hEigeartaigh wrote: > This is a vote to release Apache WSS4J 2.0.7. > > Issues fixed: > > https://issues.apache.org/jira/browse/WSS/fixforversion/12333984 > > SVN tag: > > https://svn.apache.org/repos/asf/webservices/wss4j/tags/ws

Re: [VOTE] - Release Apache WSS4J 2.1.6

+1 Thanks, Marc On Mon, 20 Jun 2016 12:54:21 +0100 Colm O hEigeartaigh wrote: > This is a vote to release Apache WSS4J 2.1.6. It just consists of some > minor bug fixes, an update for Apache Santuario, and a few backwards > compatibility fixes. > > Issues fixed: > https://issues.apache.org/

Re: [VOTE] - Release Apache WSS4J 2.0.8

+1 Thanks, Marc On Mon, 20 Jun 2016 13:11:12 +0100 Colm O hEigeartaigh wrote: > This is a vote to release Apache WSS4J 2.0.8. It just consists of some > minor bug fixes, an update for Apache Santuario, and a few backwards > compatibility fixes. > > Issues fixed: > https://issues.apache.org/

Re: [VOTE] - Release Apache WSS4J 2.3.0

Hi Colm, +1 Thanks! Marc On Wed, 10 Jun 2020 14:58:02 +0100 Colm O hEigeartaigh wrote: > This is a vote to release Apache WSS4J 2.3.0. This is a major new > release of WSS4J. > > > Significant chan

[jira] [Created] (WSS-311) Streaming-WebService-Security-Framework contribution/donation

Reporter: Marc Giger Assignee: Colm O hEigeartaigh -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira - To unsubscribe, e-mail: dev

[jira] [Created] (WSS-403) Use a common method for all of the P_hash implementations

Marc Giger created WSS-403: -- Summary: Use a common method for all of the P_hash implementations Key: WSS-403 URL: https://issues.apache.org/jira/browse/WSS-403 Project: WSS4J Issue Type

[jira] [Created] (WSS-405) Support for XML Encryption 1.1 algorithms

Marc Giger created WSS-405: -- Summary: Support for XML Encryption 1.1 algorithms Key: WSS-405 URL: https://issues.apache.org/jira/browse/WSS-405 Project: WSS4J Issue Type: Task Components

[jira] [Commented] (WSS-405) Support for XML Encryption 1.1 algorithms

[ https://issues.apache.org/jira/browse/WSS-405?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13459869#comment-13459869 ] Marc Giger commented on WSS-405: Implemented in r1388156 . Colm, Please review the cha

[jira] [Resolved] (WSS-405) Support for XML Encryption 1.1 algorithms

[ https://issues.apache.org/jira/browse/WSS-405?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger resolved WSS-405. Resolution: Fixed Thanks Colm:-) > Support for XML Encryption 1.1 algorit

[jira] [Created] (WSS-408) StAX - Exception handling and correct Fault-Codes per WSS spec

Marc Giger created WSS-408: -- Summary: StAX - Exception handling and correct Fault-Codes per WSS spec Key: WSS-408 URL: https://issues.apache.org/jira/browse/WSS-408 Project: WSS4J Issue Type: Bug

[jira] [Commented] (WSS-408) StAX - Exception handling and correct Fault-Codes per WSS spec

[ https://issues.apache.org/jira/browse/WSS-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13471220#comment-13471220 ] Marc Giger commented on WSS-408: resolved in r1395291 > StAX - Ex

[jira] [Resolved] (WSS-403) Use a common method for all of the P_hash implementations

[ https://issues.apache.org/jira/browse/WSS-403?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger resolved WSS-403. Resolution: Fixed Assignee: Marc Giger (was: Colm O hEigeartaigh) resolved in r132

[jira] [Commented] (WSS-386) Introduce proprietary Compress-Transformation for Encryption / Decryption

[ https://issues.apache.org/jira/browse/WSS-386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13485678#comment-13485678 ] Marc Giger commented on WSS-386: -Introduced in r1328294. - Moved from santuario to wss4

[jira] [Resolved] (WSS-386) Introduce proprietary Compress-Transformation for Encryption / Decryption

[ https://issues.apache.org/jira/browse/WSS-386?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger resolved WSS-386. Resolution: Fixed > Introduce proprietary Compress-Transformation for Encryption / Decrypt

[jira] [Commented] (WSS-400) Support processing an Embedded child of a SecurityTokenReference for the Stax code

[ https://issues.apache.org/jira/browse/WSS-400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13485986#comment-13485986 ] Marc Giger commented on WSS-400: Hi Colm, I did take a look how to implement this in

[jira] [Updated] (WSS-400) Support processing an Embedded child of a SecurityTokenReference for the Stax code

[ https://issues.apache.org/jira/browse/WSS-400?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger updated WSS-400: --- Attachment: embedded-token.patch Attached patch for initial support for embedded tokens. Just to not loose the

[jira] [Updated] (WSS-400) Support processing an Embedded child of a SecurityTokenReference for the Stax code

[ https://issues.apache.org/jira/browse/WSS-400?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger updated WSS-400: --- Fix Version/s: (was: 2.0) > Support processing an Embedded child of a SecurityTokenReference for

[jira] [Commented] (WSS-353) Add support in the streaming code for decrypting an EncryptedKey in the Subject of a SAML Assertion.

[ https://issues.apache.org/jira/browse/WSS-353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13491598#comment-13491598 ] Marc Giger commented on WSS-353: resolved in r1406211. Some testcases are commented out

[jira] [Commented] (WSS-354) Add support for specifying different algs for sign or c14n a SAML Assertion in the streaming code.

[ https://issues.apache.org/jira/browse/WSS-354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13493064#comment-13493064 ] Marc Giger commented on WSS-354: Hi Colm, The StAX code uses the same API as the DOM

[jira] [Commented] (WSS-356) Investigate signing Crypto differences

[ https://issues.apache.org/jira/browse/WSS-356?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13493070#comment-13493070 ] Marc Giger commented on WSS-356: Hi Colm, Do you mean the issuer crypto instance whic

[jira] [Commented] (WSS-355) Reconcile SAMLCallback between the two implementations

[ https://issues.apache.org/jira/browse/WSS-355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13493094#comment-13493094 ] Marc Giger commented on WSS-355: Hi Colm, The StAX and DOM productive code uses the

[jira] [Commented] (WSS-348) Refactor Caching nonces/timestamp functionality to be used by both implementations

[ https://issues.apache.org/jira/browse/WSS-348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13493126#comment-13493126 ] Marc Giger commented on WSS-348: The DOM code uses by default a self made InMemory c

[jira] [Resolved] (WSS-353) Add support in the streaming code for decrypting an EncryptedKey in the Subject of a SAML Assertion.

[ https://issues.apache.org/jira/browse/WSS-353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger resolved WSS-353. Resolution: Fixed Assignee: Marc Giger (was: Colm O hEigeartaigh) > Add support in the stream

[jira] [Commented] (WSS-353) Add support in the streaming code for decrypting an EncryptedKey in the Subject of a SAML Assertion.

[ https://issues.apache.org/jira/browse/WSS-353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13493833#comment-13493833 ] Marc Giger commented on WSS-353: tests and cleanups in r1407389. &

[jira] [Commented] (WSS-354) Add support for specifying different algs for sign or c14n a SAML Assertion in the streaming code.

[ https://issues.apache.org/jira/browse/WSS-354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13493908#comment-13493908 ] Marc Giger commented on WSS-354: Hi Colm, If I understand you correctly the following

[jira] [Resolved] (WSS-356) Investigate signing Crypto differences

[ https://issues.apache.org/jira/browse/WSS-356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger resolved WSS-356. Resolution: Not A Problem Assignee: Marc Giger (was: Colm O hEigeartaigh) Hi Colm, Both

[jira] [Commented] (WSS-348) Refactor Caching nonces/timestamp functionality to be used by both implementations

[ https://issues.apache.org/jira/browse/WSS-348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13493924#comment-13493924 ] Marc Giger commented on WSS-348: Hi Dan & Colm, Yes, I do agree to the interfa

[jira] [Resolved] (WSS-355) Reconcile SAMLCallback between the two implementations

[ https://issues.apache.org/jira/browse/WSS-355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger resolved WSS-355. Resolution: Fixed Assignee: Marc Giger (was: Colm O hEigeartaigh) resolved in 1408279

[jira] [Resolved] (WSS-354) Add support for specifying different algs for sign or c14n a SAML Assertion in the streaming code.

[ https://issues.apache.org/jira/browse/WSS-354?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger resolved WSS-354. Resolution: Fixed Assignee: Marc Giger (was: Colm O hEigeartaigh) resolved in r1408300

[jira] [Resolved] (WSS-352) Reconcile AssertionWrapper & SAMLAssertionWrapper

[ https://issues.apache.org/jira/browse/WSS-352?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger resolved WSS-352. Resolution: Fixed Resolved during integration into trunk and by other changes. Both implementations share

[jira] [Resolved] (WSS-362) Port Kerberos & SPNEGO work to streaming code

[ https://issues.apache.org/jira/browse/WSS-362?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger resolved WSS-362. Resolution: Fixed Assignee: Marc Giger (was: Colm O hEigeartaigh) resolved in r1416670 and r1417417

[jira] [Commented] (WSS-373) Check sender-vouches and holder-of-key requirements for SAML tokens.

[ https://issues.apache.org/jira/browse/WSS-373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13527213#comment-13527213 ] Marc Giger commented on WSS-373: Implemented in r1418719 for StAX (Btw, independent of

[jira] [Commented] (WSS-373) Check sender-vouches and holder-of-key requirements for SAML tokens.

[ https://issues.apache.org/jira/browse/WSS-373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13527828#comment-13527828 ] Marc Giger commented on WSS-373: Good morning Colm:-) Quick question: Shouldn't it

[jira] [Commented] (WSS-375) Support IssuedToken policy validation

[ https://issues.apache.org/jira/browse/WSS-375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13529099#comment-13529099 ] Marc Giger commented on WSS-375: RSTT in r1420252. > Support Issu

[jira] [Commented] (WSS-371) Add support for (custom) GCM algorithm-suites.

[ https://issues.apache.org/jira/browse/WSS-371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13529213#comment-13529213 ] Marc Giger commented on WSS-371: Hi Colm, Please take a look at commit r1420331. This i

[jira] [Commented] (WSS-415) Reject RSA v1.5 Key Transport Algorithm by default

[ https://issues.apache.org/jira/browse/WSS-415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13529756#comment-13529756 ] Marc Giger commented on WSS-415: Colm, Would you like to reject RSA 1.5 in santuario to

[jira] [Commented] (WSS-413) EncryptedKey security issue with streaming code

[ https://issues.apache.org/jira/browse/WSS-413?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13529853#comment-13529853 ] Marc Giger commented on WSS-413: Colm, Do you think it is a problem if I handle thi

[jira] [Commented] (WSS-371) Add support for (custom) GCM algorithm-suites.

[ https://issues.apache.org/jira/browse/WSS-371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13530144#comment-13530144 ] Marc Giger commented on WSS-371: Hi Colm, Ok, will do so. In which namespace should

[jira] [Resolved] (WSS-413) EncryptedKey security issue with streaming code

[ https://issues.apache.org/jira/browse/WSS-413?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger resolved WSS-413. Resolution: Fixed Assignee: Marc Giger (was: Colm O hEigeartaigh) resolved in r1421261 in santuario

[jira] [Resolved] (WSS-415) Reject RSA v1.5 Key Transport Algorithm by default

[ https://issues.apache.org/jira/browse/WSS-415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger resolved WSS-415. Resolution: Fixed Assignee: Marc Giger (was: Colm O hEigeartaigh) resolved in r1421768

[jira] [Updated] (WSS-371) Add support for (custom) GCM algorithm-suites.

[ https://issues.apache.org/jira/browse/WSS-371?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger updated WSS-371: --- Attachment: gcm-algosuite.patch patch to integrate GCMAlgorithmSuite into wss4j if needed

[jira] [Resolved] (WSS-371) Add support for (custom) GCM algorithm-suites.

[ https://issues.apache.org/jira/browse/WSS-371?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger resolved WSS-371. Resolution: Fixed Assignee: Marc Giger (was: Colm O hEigeartaigh) > Add support for (custom)

[jira] [Resolved] (WSS-370) Add CXF support for custom Algorithm Suites.

[ https://issues.apache.org/jira/browse/WSS-370?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger resolved WSS-370. Resolution: Won't Fix Assignee: Marc Giger (was: Colm O hEigeartaigh) @see comments in WS

[jira] [Commented] (WSS-363) Support pluggable Validation of received tokens as per DOM code

[ https://issues.apache.org/jira/browse/WSS-363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13555105#comment-13555105 ] Marc Giger commented on WSS-363: Implemented in r1433975. Most probably more work ne

[jira] [Resolved] (WSS-414) Ensure that Algorithms are checked in streaming code before they are used

[ https://issues.apache.org/jira/browse/WSS-414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger resolved WSS-414. Resolution: Fixed Assignee: Marc Giger (was: Colm O hEigeartaigh) r1423819 in Santuario r1423838 in

[jira] [Updated] (WSS-430) Support for secured SOAP attachments

[ https://issues.apache.org/jira/browse/WSS-430?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger updated WSS-430: --- Attachment: santuario-swa.diff wss4j-swa.diff > Support for secured SOAP attachme

[jira] [Created] (WSS-430) Support for secured SOAP attachments

Marc Giger created WSS-430: -- Summary: Support for secured SOAP attachments Key: WSS-430 URL: https://issues.apache.org/jira/browse/WSS-430 Project: WSS4J Issue Type: New Feature

[jira] [Commented] (WSS-363) Support pluggable Validation of received tokens as per DOM code

[ https://issues.apache.org/jira/browse/WSS-363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13604622#comment-13604622 ] Marc Giger commented on WSS-363: Subject and Prinicpal access in r145

[jira] [Commented] (WSS-363) Support pluggable Validation of received tokens as per DOM code

[ https://issues.apache.org/jira/browse/WSS-363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13604629#comment-13604629 ] Marc Giger commented on WSS-363: ...and some missing classes in r145

[jira] [Resolved] (WSS-412) Unify error messages for the streaming code

[ https://issues.apache.org/jira/browse/WSS-412?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger resolved WSS-412. Resolution: Fixed Assignee: Marc Giger (was: Colm O hEigeartaigh) @see WSS-413 and r1457492

[jira] [Commented] (WSS-408) StAX - Exception handling and correct Fault-Codes per WSS spec

[ https://issues.apache.org/jira/browse/WSS-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13604677#comment-13604677 ] Marc Giger commented on WSS-408: ... and r1457492. > StAX - Ex

[jira] [Resolved] (WSS-408) StAX - Exception handling and correct Fault-Codes per WSS spec

[ https://issues.apache.org/jira/browse/WSS-408?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger resolved WSS-408. Resolution: Fixed > StAX - Exception handling and correct Fault-Codes per WSS s

[jira] [Resolved] (WSS-378) Update tests in ws-security module to check security events.

[ https://issues.apache.org/jira/browse/WSS-378?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger resolved WSS-378. Resolution: Fixed Some additinal checks in r1457538. > Update tests in ws-security module

[jira] [Resolved] (WSS-364) Ensure that SecurityEvents let us see what was processed for the non-policy case.

[ https://issues.apache.org/jira/browse/WSS-364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Giger resolved WSS-364. Resolution: Fixed Some additinal checks in r1457538. > Ensure that SecurityEvents let us

  1   2   >