axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Amila Jayasekara <ami...@wso2.com>
Subject Selecting policy version for a given secure conversation scenario
Date Sun, 16 Jan 2011 16:36:57 GMT
Hi All,

Rampart supports 2 versions of policy specs.
They are,
   1.WS - Security Policy - 1.1 - July 2005
   2. WS - Security Policy - 1.2

For secure conversation Rampart uses following namespaces irrespective
of the policy version used.
          addressing - http://schemas.xmlsoap.org/ws/2004/08/addressing
          secure conversation - http://schemas.xmlsoap.org/ws/2005/02/sc
          trust - http://schemas.xmlsoap.org/ws/2005/02/trust

But above namespaces are only defined in "WS - Security Policy - 1.1 -
July 2005" specification. (Which is a non standard specification)

Standard policy specification (WS - Security Policy - 1.2) mentioned
following namespaces for above specifications,
          addressing - http://www.w3.org/2005/08/addressing
          secure conversation -
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512
          trust - http://docs.oasis-open.org/ws-sx/ws-trust/200512

But current implementation does not take care about the policy version
and always goes with the namespaces defined for "WS - Security Policy
- 1.1 - July 2005".
This behaviour is reported in issue [1].

What is the best way to decide which namespace to be used in a secure
conversation scenario ? (for addressing, secure conversation and trust
specs)

IMO, we should select namespaces based on the policy version. i.e.
select http://www.w3.org/2005/08/addressing namespace for addressing,
if the policy version is standard, else select
http://schemas.xmlsoap.org/ws/2004/08/addressing as addressing version
if the policy refers to July 2005 spec.

Please give feedback on how to select namespace version for a given scenario.

[1] https://issues.apache.org/jira/browse/RAMPART-299

Thank you
AmilaJ

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message