axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ruchith Udayanga Fernando (JIRA)" <>
Subject [jira] Commented: (AXIS2-2018) RAMPART : Incoming policy validation of Bulk Encryption Algorithms.
Date Tue, 23 Jan 2007 16:58:49 GMT


Ruchith Udayanga Fernando commented on AXIS2-2018:

Hi Hans,

Yes you are correct.

The problem is that we are not capturing the information required to verify whether the correct
algorithm suite in WSs4J.

We need to update WSS4J to include algo information on the encrypted parts and signed parts
and then we can use that information in the PolicyBasedResultsValidator of Rampart.


> RAMPART : Incoming policy validation of Bulk Encryption Algorithms.
> -------------------------------------------------------------------
>                 Key: AXIS2-2018
>                 URL:
>             Project: Apache Axis 2.0 (Axis2)
>          Issue Type: Bug
>          Components: modules
>            Reporter: Hans G Knudsen
> Hi!
> Rampart does not seem to validate the bulk encryption algorithm on an incoming message
againts the algorithm specified in the policy.
> eg
> when <sp:Basic256/> / <sp:Basic256Rsa15/> is specified - check that received
algorithm url is
> - same for 128 + 192 bit aes..
> when  <sp:TripleDes>  ->
> Would it conform to WS-standards to make these checks/validations ??
> The needed information from the received messages is not collected by WSS4J / WSSecurityEngineResult,
and the original encrypted parts has been decrypted/replaced when reaching PolicyBasedResultsValidator,
so a few changes would be needed...
> Should I add a "Collect Encryption algs for Encrypted Parts" on WSS4J issue :
> /hans

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message