axis-java-user mailing list archives

Subject: Re: [Axis2] [Rampart] ws-trust negotiation and challenge extension support
Date: Sun, 12 Feb 2012 17:28:15 GMT
2012/2/10 Ruchith Fernando <>

> Hi Filippo,
> Yes, this is like yet another web service now. What Rampart provides
> at this point is an API to construct the required elements, and if you
> apply a security policy to an operation then the results of processing
> the security header will be available at the issuer implementation
> through the RahasData instance.
> However, I don't think this will interop with other implementations of
> WS-Trust, but it should work for your scenario.

In my scenario, I don't want any security header now, because I want a
negotiation between two entities that are completely unknown to each other
and don't trust, for example, public certificates from any CA; I'm trying to
work in a completely open scenario, where two entities make an agreement, if
it's possible depending on their own policies, through a negotiation. These
policies are exchanged in the initial messages of the negotiation and are
expressed with WS-Policy; so I need to include, in my
RequestSecurityTokenResponse (which is in the SOAP body of the messages),
<wsp:Policy> elements, included in their turn in custom elements defined by
an XML schema. So I imagine that I don't need any security header; instead I
need, maybe, some signature material inside my custom XML structure, within
<wst:RequestSecurityTokenResponse>. If I need to extract information from the
signature material element, do you think I need the Rampart API? Do you think
that in my client and MyIssuer I can use the API to use some security
element, wherever this element is put in the SOAP message? I mean, do Rampart
and Rahas (as you said, for example a RahasData instance) give us an API to
process only ordinary messages, with a security header, or can I use them to
process elements containing security elements (such as signature material),
wherever these elements are put in the message? What do you think about it?
I know that I'm perhaps too general with these questions, but my scenario has
to be as open as possible, and at this point I even know exactly the details.
In my messages I have to transport policies, expressed with WS-Policy, and
security tokens representing credentials, which can be X.509 tokens or other
custom credentials. I'm thinking also about using SAML tokens to represent
credentials (for example a document that assures that *I'm a student of
"XXXX" university, since 2004*... these are the types of credentials I need);
maybe you know if it's possible?

P.S.: in my previous messages I omitted a detail: both client and service have
to communicate with a framework that can guide the negotiation, processing the
input message and creating the output message. The problem is that this
framework uses its own message format, so I need to do a 1:1 translation
between Trust messages and the messages used by the framework. This is the
reason why I need to extract the information in every message, in order to do
this.

Thanks a lot!
Filippo A.
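The body-carried policy and signature material described in the message above, as an added example that is not part of the thread and is not Rampart or Rahas code: a stand-alone Python script (standard library only) that locates wsp:Policy and ds:Signature elements wherever they are nested inside a custom element under wst:RequestSecurityTokenResponse, reports whether a wsse:Security header is present at all, and checks that every ds:Reference URI resolves to an element that actually exists in the message. The neg: namespace, the neg:Offer wrapper element and all digest, signature and certificate values are constructed placeholders. The script finds and sanity-checks the material; it does not verify the signature.

```python
import xml.etree.ElementTree as ET

# Standard namespaces plus a hypothetical one ("neg") for the custom
# negotiation schema described in the thread; "neg" is not a real standard.
NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "neg": "urn:example:negotiation",
}
URI_TO_PREFIX = {uri: prefix for prefix, uri in NS.items()}

# Constructed sample: the RSTR sits in the SOAP body, the header carries no
# wsse:Security, and a custom neg:Offer wraps both the offered wsp:Policy and
# a ds:Signature over it. Digest, signature and certificate are placeholders.
SAMPLE_RSTR = f"""<soapenv:Envelope xmlns:soapenv="{NS['soapenv']}">
  <soapenv:Header/>
  <soapenv:Body>
    <wst:RequestSecurityTokenResponse xmlns:wst="{NS['wst']}">
      <wst:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</wst:TokenType>
      <neg:Offer xmlns:neg="{NS['neg']}" Round="1">
        <wsp:Policy xmlns:wsp="{NS['wsp']}" xmlns:wsu="{NS['wsu']}" wsu:Id="offer-policy">
          <wsp:ExactlyOne>
            <wsp:All>
              <neg:RequiredCredential>StudentCertificate</neg:RequiredCredential>
            </wsp:All>
          </wsp:ExactlyOne>
        </wsp:Policy>
        <ds:Signature xmlns:ds="{NS['ds']}">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#offer-policy">
              <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
              <ds:DigestValue>PLACEHOLDER_DIGEST</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>PLACEHOLDER_SIGNATURE</ds:SignatureValue>
          <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER_CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
        </ds:Signature>
      </neg:Offer>
    </wst:RequestSecurityTokenResponse>
  </soapenv:Body>
</soapenv:Envelope>"""


def _qname(tag):
    """Turn '{uri}local' into 'prefix:local' so reported paths are readable."""
    uri, local = tag[1:].split("}")
    return f"{URI_TO_PREFIX.get(uri, uri)}:{local}"


def _path(parent_of, elem, stop):
    """Path of elem relative to stop, e.g. 'neg:Offer/wsp:Policy'."""
    parts = []
    while elem is not stop:
        parts.append(_qname(elem.tag))
        elem = parent_of[elem]
    return "/".join(reversed(parts))


def find_security_material(xml_text):
    """Report where policies and signatures sit inside the RSTR, whether a
    wsse:Security header exists, and which signature references are dangling."""
    root = ET.fromstring(xml_text)
    # ElementTree has no parent pointers; build the map once for path reporting.
    parent_of = {child: parent for parent in root.iter() for child in parent}

    header = root.find("soapenv:Header", NS)
    has_wsse_header = header is not None and header.find("wsse:Security", NS) is not None

    rstr = root.find("soapenv:Body/wst:RequestSecurityTokenResponse", NS)
    if rstr is None:
        raise ValueError("no wst:RequestSecurityTokenResponse in the SOAP body")

    # Index every element carrying an ID-like attribute so same-document
    # ds:Reference URIs ("#id") can be resolved.
    wsu_id = f"{{{NS['wsu']}}}Id"
    by_id = {}
    for el in root.iter():
        for attr in (wsu_id, "Id", "ID"):
            if el.get(attr) is not None:
                by_id[el.get(attr)] = el

    # iter() walks the whole subtree, so the elements are found however deeply
    # the custom schema nests them; matching is by namespace, not prefix.
    policies = [{"path": _path(parent_of, p, rstr), "id": p.get(wsu_id)}
                for p in rstr.iter(f"{{{NS['wsp']}}}Policy")]

    signatures = []
    for sig in rstr.iter(f"{{{NS['ds']}}}Signature"):
        refs = [r.get("URI") for r in sig.iter(f"{{{NS['ds']}}}Reference")]
        # A reference whose target is absent means the signature cannot cover
        # what the custom element claims it covers; surface it for the caller.
        dangling = [u for u in refs if not (u and u.startswith("#") and u[1:] in by_id)]
        signatures.append({"path": _path(parent_of, sig, rstr),
                           "references": refs, "dangling": dangling})

    return {"has_wsse_header": has_wsse_header,
            "policies": policies, "signatures": signatures}


if __name__ == "__main__":
    from pprint import pprint
    pprint(find_security_material(SAMPLE_RSTR))
```

Locating the elements this way is independent of any security header, which is the part of the question Rampart does not cover for body-embedded material. Actually verifying the ds:Signature still needs exclusive canonicalization of the referenced element, a digest comparison and a trust decision about the certificate in ds:KeyInfo, which is the work a WS-Security library does for the header case.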
