cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r860515 - in /websites/production/cxf/content: cache/docs.pageCache docs/ docs/ docs/xml-key-management-service-xkms.html
Date Wed, 01 May 2013 19:48:06 GMT
Author: buildbot
Date: Wed May  1 19:48:06 2013
New Revision: 860515

Production update by buildbot for cxf

  (with props)

Modified: websites/production/cxf/content/cache/docs.pageCache
Binary files - no diff available.

Added: websites/production/cxf/content/docs/
Binary file - no diff available.

Propchange: websites/production/cxf/content/docs/
    svn:mime-type = image/jpeg

Added: websites/production/cxf/content/docs/xml-key-management-service-xkms.html
--- websites/production/cxf/content/docs/xml-key-management-service-xkms.html (added)
+++ websites/production/cxf/content/docs/xml-key-management-service-xkms.html Wed May  1 19:48:06
@@ -0,0 +1,194 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "">
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+  <head>
+    <link type="text/css" rel="stylesheet" href="">
+    <script src="" type="text/javascript"></script>
+<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
+<meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture,
web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support,
integration standards, application integration, middleware, software, solutions, services,
CXF, open source">
+<meta name="description" content="Apache CXF, Services Framework - XML Key Management
Service (XKMS)">
+    <title>
+Apache CXF -- XML Key Management Service (XKMS)
+    </title>
+  </head>
+<body onload="init()">
+<table width="100%" cellpadding="0" cellspacing="0">
+  <tr>
+    <td id="cell-0-0" colspan="2">&nbsp;</td>
+    <td id="cell-0-1">&nbsp;</td>
+    <td id="cell-0-2" colspan="2">&nbsp;</td>
+  </tr>
+  <tr>
+    <td id="cell-1-0">&nbsp;</td>
+    <td id="cell-1-1">&nbsp;</td>
+    <td id="cell-1-2">
+      <div style="padding: 5px;">
+        <div id="banner">
+          <!-- Banner -->
+<div id="banner-content">
+<table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left"
colspan="1" nowrap>
+<a shape="rect" href="" title="Apache CXF"><span style="font-weight:
bold; font-size: 170%; color: white">Apache CXF</span></a>
+</td><td align="right" colspan="1" nowrap>
+<a shape="rect" href="" title="The Apache Sofware Foundation"><img
border="0" alt="ASF Logo" src=""></a>
+          <!-- Banner -->
+        </div>
+      </div>
+      <div id="top-menu">
+        <table border="0" cellpadding="1" cellspacing="0" width="100%">
+          <tr>
+            <td>
+              <div align="left">
+                <!-- Breadcrumbs -->
+<a href="index.html">Index</a>&nbsp;&gt;&nbsp;<a href="xml-key-management-service-xkms.html">XML
Key Management Service (XKMS)</a>
+                <!-- Breadcrumbs -->
+              </div>
+            </td>
+            <td>
+              <div align="right">
+                <!-- Quicklinks -->
+<div id="quicklinks"><p><a shape="rect" href="">Download</a>
| <a shape="rect" href="">Documentation</a></p></div>
+                <!-- Quicklinks -->
+              </div>
+            </td>
+          </tr>
+        </table>
+      </div>
+    </td>
+    <td id="cell-1-3">&nbsp;</td>
+    <td id="cell-1-4">&nbsp;</td>
+  </tr>
+  <tr>
+    <td id="cell-2-0" colspan="2">&nbsp;</td>
+    <td id="cell-2-1">
+      <table>
+        <tr valign="top">
+          <td height="100%">
+            <div id="wrapper-menu-page-right">
+              <div id="wrapper-menu-page-top">
+                <div id="wrapper-menu-page-bottom">
+                  <div id="menu-page">
+                    <!-- NavigationBar -->
+<div id="navigation"><ul class="alternate" type="square"><li><a shape="rect"
href="overview.html" title="Overview">Overview</a></li><li><a shape="rect"
href="how-tos.html" title="How-Tos">How-Tos</a></li><li><a shape="rect"
href="frontends.html" title="Frontends">Frontends</a></li><li><a shape="rect"
href="databindings.html" title="DataBindings">DataBindings</a></li><li><a
shape="rect" href="transports.html" title="Transports">Transports</a></li><li><a
shape="rect" href="configuration.html" title="Configuration">Configuration</a></li><li><a
shape="rect" href="debugging-and-logging.html" title="Debugging and Logging">Debugging
and Logging</a></li><li><a shape="rect" href="tools.html" title="Tools">Tools</a></li><li><a
shape="rect" href="restful-services.html" title="RESTful Services">RESTful Services</a></li><li><a
shape="rect" href="wsdl-bindings.html" title="WSDL Bindings">WSDL Bindings</a></li><li><a
shape="rect" href="service-routing.html" title="Service Routing">Service 
 Routing</a></li><li><a shape="rect" href="dynamic-languages.html" title="Dynamic
Languages">Dynamic Languages</a></li><li><a shape="rect" href="ws-support.html"
title="WS-* Support">WS-* Support</a></li><li><a shape="rect" href="advanced-integration.html"
title="Advanced Integration">Advanced Integration</a></li><li><a shape="rect"
href="deployment.html" title="Deployment">Deployment</a></li><li><a
shape="rect" href="schemas-and-namespaces.html" title="Schemas and Namespaces">Use of Schemas
and Namespaces</a></li></ul>
+<ul class="alternate" type="square"><li>Search
+<form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="">
+  <div>
+    <input type="hidden" name="cx" value="002890367768291051730:o99qiwa09y4">
+    <input type="hidden" name="ie" value="UTF-8">
+    <input type="text" name="q" size="21">
+    <input type="submit" name="sa" value="Search">
+  </div>
+<script type="text/javascript" src=";lang=en"></script>
+<ul class="alternate" type="square"><li><a shape="rect" href="">API
(Javadoc)</a></li><li><a shape="rect" href="">CXF
+                    <!-- NavigationBar -->
+                  </div>
+              </div>
+            </div>
+          </div>
+         </td>
+         <td height="100%">
+           <!-- Content -->
+           <div class="wiki-content">
+<div id="ConfluenceContent"><h1><a shape="rect" name="XMLKeyManagementService%28XKMS%29-XMLKeyManagementService%28XKMS%29"></a>XML
Key Management Service (XKMS)</h1>
+<h2><a shape="rect" name="XMLKeyManagementService%28XKMS%29-Usecase"></a>Use
+<p>CXF security uses asymmetric algorithms for different purposes: encryption of symmetric
keys and payloads, signing security tokens and messages, proof of possession.<br clear="none">
+Normally the public keys (in form of X509 certificates) are stored in java keystores.</p>
+<p>For example, if sender encrypts the message payload sending to the receiver, he
should have access to receiver certificate saved in local keystore. <br clear="none">
+The sender uses this certificate for message encryption and receiver decrypts request with
corresponded own private key:</p>
+<p><span class="image-wrap" style=""><img src=""
style="border: 0px solid black"></span></p>
+<p>Seems to be OK? Imagine now that you have production environment with 100 different
clients of this service and service certificate is expired. You should reissue and replace
certificate in ALL client keystores! Even more, if keystores are packaged into war files or
OSGi bundles &#8211; they should be unpackaged and updated. Not really acceptable for
enterprise environments.</p>
+<p>Therefore large service landscapes support central certificates management. It means
that X509 certificates are not stored locally in keystores, but are provided and administrated
+<p>Normally it is a responsibility of <a shape="rect" class="external-link" href=""
rel="nofollow">Public Key Infrastructure</a> (PKI) established in organization. PKI
is responsible to create, manage, store, distribute, synchronize and revoke public certificates
and certification authorities (CAs).</p>
+<h2><a shape="rect" name="XMLKeyManagementService%28XKMS%29-XKMSSpecification"></a>XKMS
+<p>W3C specifies standard protocol to distribute and register public keys, certificates
and CAs that can be used for XML-based cryptography, including signature and encryption: <a
shape="rect" class="external-link" href="" rel="nofollow">XML
Key Management Specification</a> (XKMS 2.0).<br clear="none">
+The XKMS Specification comprises two parts &#8211; the XML Key Information Service Specification
(XKISS) describing the runtime aspects of key lookup and certificate validation and the XML
Key Registration Service Specification (XKRSS) describing the administrative aspects of registering,
renewing, revoking and recovering certificates.</p></div>
+           </div>
+           <!-- Content -->
+         </td>
+        </tr>
+      </table>
+   </td>
+   <td id="cell-2-2" colspan="2">&nbsp;</td>
+  </tr>
+  <tr>
+   <td id="cell-3-0">&nbsp;</td>
+   <td id="cell-3-1">&nbsp;</td>
+   <td id="cell-3-2">
+     <div id="footer">
+       <!-- Footer -->
+       <div id="site-footer">
+         <a href="">Privacy Policy</a>
+         (<a href="">edit
+	 (<a href=";showComments=true&amp;showCommentArea=true#addcomment">add
+	Apache CXF, CXF, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.<br>
+        All other marks mentioned may be trademarks or registered trademarks of their respective
+       </div>
+       <!-- Footer -->
+     </div>
+   </td>
+   <td id="cell-3-3">&nbsp;</td>
+   <td id="cell-3-4">&nbsp;</td>
+  </tr>
+  <tr>
+    <td id="cell-4-0" colspan="2">&nbsp;</td>
+    <td id="cell-4-1">&nbsp;</td>
+    <td id="cell-4-2" colspan="2">&nbsp;</td>
+  </tr>
+<script type="text/javascript">
+var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
+document.write(unescape("%3Cscript src='" + gaJsHost + "' type='text/javascript'%3E%3C/script%3E"));
+<script type="text/javascript">
+try {
+var pageTracker = _gat._getTracker("UA-4458903-1");
+} catch(err) {}</script>

View raw message