http://svn.apache.org/viewcvs.cgi/webservices/commons/trunk/policy/?rev=348394
Is this relevant to what you have in mind?
/Jongjin Choi
On 11/23/05, Dittmann, Werner <[EMAIL PROTECTED]> wrote:
All,
during the discussion with Allen IMHO we should have a closer
look into the WS-Policy* stuff (again). WSS4J as it stands now
(not looking at the sandbox code) provides methods to create
Sceurity headers in a request and to parse/validate them.
The check at the receiver if the request contains all required
security actions is rudimentary only.
To enhance the action checking and also the way how the sender
controls the setup the request we shall consider to use WS-Policy*
specs.
Some ideas:
- At the sender side we could have a parser that sets up internal
structures that drive/control how the WSS4J handlers create the
security functions (some time ago this topic was shortly discussed
on this list, I'll have a look in the archives). To avoid to much
parsing we need to have some sort of "global, per service" location
to store this internal structure (somewhere in the Axis data
structures?)
- At the receiver side a similar parser (the same?) can setup an
internal structure which a "Policy checker" can use to verify the
results generated during parsing/verification of the security
headers.
Both new modules could be "plugged-in" similar to the
"action/processor" structure now in use in WSS4J.
Is there some code that could be used to start e.g. a parser for
the relevant WS-Policy* specs?
Any more ideas? Volunteers :-) ?
Regards,
Werner
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
