Hi, Please see my comments below:
On 9/1/05, Edson Camargo <[EMAIL PROTECTED]> wrote: > Hi, > > My name is Edson, I am a master degree student and my research include > the development of a web service aplication. In this aplication, among > others security requeriments, there is a STS that works basically > issuing a SAML token and establishing trust relationships, according to > ws-trust specification. > > I've been working for a while with wss4j and having good results with > encryption, signature, token... etc. Now I intend to work with > deployment of STS. In the wss4j API there are 2 kinds of package that > works with "ws-trust": "org.apache.ws.security.trust" and > "org.apache.ws.security.trust2". The first one seems to be in developing > process while the other one seems to be stuck. Is this correct? > > I've made some tests with samples in package trust2 > (org.apache.ws.security.trust2.samples), but I tryed locally, without > axis. This means that I've made a local call on method "exchange", > because the sample seem not to work when I use axis. I'm using AXIS > 1.2.1 (final) and JAVA 1.5. Could it be any kind of problems with AXIS > or Java? > > Could anyone tell me about the deployment (status) of "ws-trust" > specification on the wss4j project? What still need to do? Is there any > way that I can help you? What are the differences between > org.apache.ws.security.trust and org.apache.ws.security.trust2? > org.apache.ws.security.trust and org.apache.ws.security.trust2 are two different WS-Trust implementations. I started refactoring org.apache.ws.security.trust ... unfortunately didn't get to finish it. I can give you some pointers as to where you can help with this one. The plan was to build an object model for WS-Trust first where it'll be convenient for the developer to deal with different issue,request, validate and cancel scenarios. This model is to be SOAP engine independant and it depends on DOM. Following link will take you to the where we have this incomplete object model: http://svn.apache.org/viewcvs.cgi/webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/trust/message/token/ Each type in this object model has two constructors: 1.) One which accepts a DOM document - for creating the model by scratch - this is used when we are sending out requests, to build the request. 2.) One which accepts a DOM Element - to process an incomming message and obtain the object model to work on. - We have to complete this object model - The we have to develop a configurable way of making requests to a given STS and returning the acuired tokens and proof of possession token to the requesting client for other use. - The Axis STS: This was orignally designed to accept the requests and simply develgate the requests to a STSManager (org.apache.ws.sandbox.security.trust.STSManager), where this STSManager can be configure with different Issuers (implements org.apache.ws.sandbox.security.trust.issue.STIssuer) , Renewers (implements org.apache.ws.sandbox.security.trust.issue.STRenewer) and Validatos (implements org.apache.ws.sandbox.security.trust.issue.STvalidator) These issers, validators, renewers, cancellors will use the earlier mentioned object model to manipulate the requests and responses. We should be able to use this same setup for the STS and implement some commonly used Issers as well. > Thanks in advance, > > Edson > Master Degree Student > LCMI / DAS / UFSC > 88.040-900 - Brazil - Florianópolis - SC > > > > > > > > > > > > > Olá, > > Meu nome é Edson, sou aluno de mestrado e minha pesquisa inclui o > desenvolvimento de uma aplicação em serviços web. Nessa aplicação, entre > vários requisitos de segurança, há um STS que deve lidar basicamente com > a emissão de um SAML token. Já estou trabalhando um tempo com a wss4j e > conseguido bons resultados com encryption, signature, tokens... etc. > Agora estou partindo para o desenvolvimento do STS. Analisando a api > wss4j vi que há 2 tipos de pacotes que lidam com a "ws-trust": trust e > trust2. O primeiro parece ser o que realmente está em desenvolvimento, > correto? Testei o exemplo que está em trust2, mas sem o AXIS, fiz uma > chamada normal, porque o exemplo não funcionou com o meu axis. Tenho o > AXIS 1.2.1 e JAVA 1.5. Você poderia me informar o status/situação do > desenvolvimento da especificação ws-trust pela wss4j? O que ainda falta > ser feito? Como ela realmente funcionar? como eu posso ajudar? > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > Hope this helps... Pls let us know if you are interested in working on org.apache.ws.sandbox.security.trust.* stuff ... Thanks -- Ruchith --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
