Apologize for duplicate post but had the client-side configuration details
wrong.
Here goes again:
*******************************
We have been using Axis1 and WSS4J in production for 3 years now. Our token
configuration varies by client but typically is Usernametoken encrypt,
timestamp with nonce.
Recently we have begun the preparations to convert our clients and services to
support Axis2 and Rampart.
Out of this effort I have been running micro benchmarks for the following 4
scenarios:
UNT1: Usernametoken, unencrypt, unsigned, timestamp, nonce
UNT2: Usernametoken, unencrypt, signed, timestamp, nonce
UNT3: Usernametoken, encrypt, signed, timestamp, nonce
UNT4: Usernametoken, encrypt, signed, timestamp, nonce
Each of the 4 scenarios are encrypting and signing the username token itself.
No encryption of elements within XML payload have been benchmarked.
The test results show:
* signing username token is relatively unexpensive.
* encrypting username token is relatively expensive.
Related to 2nd bullet above. Is there something we are doing wrong? Our
results show a 35% dropoff in overall throughput when enabling
encryption of the username token. Are these results consistent with others
findings on same, or are we likely doing something wrong here?
More details on the tests can be found below:
Client Machine 1:
* AMD 64 Dual Core
* 2 GHz, 2 GB RAM
* WinXP
* Axis2 client driven by Jmeter
Server Machine 2:
* Intel Dual core
* 2 GHz, 3 GB RAM
* Linux - Centos 5
* Running in Tomcat 5.5.x
* Both machines using Java 1.5
Test Objective:
* Compare the 4 UNT types, measure relative performance costs for
performing cryptographic functions.
4 Test Cases:
* 10 threads X 5000 service transactions = 50K transactions per test.
Benchmark Summary
1. UNT1
i. Avg response time: 116 ms
ii. Avg throughput: 85.2/s
iii.Avg CPU utilization (client): 37%
2. UNT2
i. Avg response time: 127 ms
ii. Avg throughput: 78.3/s
iii.Avg CPU utilization (client): 42%
3. UNT3
i. Avg response time: 177 ms
ii. Avg throughput: 56.2/s
iii.Avg CPU utilization (client): 34%
4. UNT4
i. Avg response time: 181 ms
ii. Avg throughput: 54.8/s
iii.Avg CPU utilization (client): 36%
Client-side config:
<parameter name="OutflowSecurity">
<action>
...
<!-- UNT1: -->
<items>UsernameToken Timestamp</items>
<!-- UNT2: -->
<!--items>UsernameTokenSignature Timestamp</items-->
<!-- UNT3: -->
<!--items>UsernameToken Encrypt Timestamp</items-->
<!-- UNT4: -->
<!--items>UsernameTokenSignature Encrypt Timestamp</items-->
...
<passwordType>PasswordText</passwordType>
<addUTElements>Nonce Created</addUTElements>
<encryptionParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</encryptionParts>
signatureParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</signatureParts>
</action>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
