Return-Path: 
 <axis-user-return-9795-apmail-xml-axis-user-archive=xml.apache.org@xml.apache.org>
Delivered-To: apmail-xml-axis-user-archive@xml.apache.org
Received: (qmail 82149 invoked by uid 500); 9 Dec 2002 16:19:07 -0000
Mailing-List: contact axis-user-help@xml.apache.org; run by ezmlm
Precedence: bulk
Reply-To: axis-user@xml.apache.org
list-help: <mailto:axis-user-help@xml.apache.org>
list-unsubscribe: <mailto:axis-user-unsubscribe@xml.apache.org>
list-post: <mailto:axis-user@xml.apache.org>
Delivered-To: mailing list axis-user@xml.apache.org
Received: (qmail 82134 invoked from network); 9 Dec 2002 16:19:06 -0000
Message-ID: 
 <CB1FF0A474AEA84EA0206D5B05F6A4CB02F26F60@S1001EXM02.macromedia.com>
From: Tom Jordahl <tomj@macromedia.com>
To: "'axis-user@xml.apache.org'" <axis-user@xml.apache.org>
Subject: RE: WS-security
Date: Mon, 9 Dec 2002 11:19:10 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N


Make sure you take a look at the XML-Sec stuff already built in to Axis that supports digitally signing messages.

Get together and work as a team on this, that's the Apache way.  We use axis-dev and IRC to communicate between team members, so you should not be afraid to jump in and start talking.

Axis can always use more developers/committers.

--
Tom Jordahl
Macromedia Server Development



-----Original Message-----
From: Darren Marvin [mailto:djm@it-innovation.soton.ac.uk]
Sent: Monday, December 09, 2002 11:13 AM
To: axis-user@xml.apache.org
Subject: FW: WS-security


Hi,

I have also written (as part of company projects) some axis handlers for digitally signing and verifying messages based on suggestions in the W3C SOAP Digital Signature Note. They are completely reusable and open source. It is slightly different from the XML Signature stuff proposed for WS-Security but is not inconsistent. We have used HTTPS to provide a secure channel but are interested in using XML Encryption instead with a view to adopting WS-Security and later OGSA Grid Security Specifications. I would be interested in helping out with any extensions to Axis, although some restrictions may exist over the stuff already created.

Thanks,

Darren.



-----Original Message-----
From: Joachim (PROGS) [mailto:joachim@progs.be]
Sent: 09 December 2002 15:50
To: axis-user@xml.apache.org
Subject: Re: WS-security


> This is a great idea. Maybe I can help too. I just wrote
>some handlers that can digitally sign/verify messages. The truth is that
>they contain project-specific code, but this can be removed.
>I'm using apache-xml-security framework but the handlers
>support WS-Security and WSS-Core recommendations.[ Well "support"
>may be too strong, but anyway - they try ... :) ]

That is basically the kind of functionality I would need. So your code may
just about fit my requiremenents, and be a good start to have full support.

Joachim