cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dennis Sosnoski <...@sosnoski.com>
Subject Re: WSDL validator tool and WS-I checks
Date Thu, 10 Feb 2011 00:37:21 GMT
Hi Robert,

You might be interested in my just-published article on "Understanding
and modeling WSDL 1.1":
http://www.ibm.com/developerworks/library/j-jws20/index.html (This
discussion reminded me of the CXF tool, and I've requested added a link
to that as a resource.) The next one covers extending the model to
include WS-Policy/WS-SecurityPolicy, which sounds similar to what you want.

As Dan said, WS-I BSP is all about the runtime use of WS-Security and
doesn't really cover much at the policy level. There are some common
errors that occur when using WS-Policy/WS-SecurityPolicy, though,
including mixing namespaces and using assertions in the wrong places.
Some of these may be caught and reported by some of the web services
stacks when you try to use a policy, others may slip by and just leave
you scratching your head over apparently-bizarre results. I've
experienced a considerably amount of that myself in writing the
WS-Security articles in my series for devWorks!

I plan to publish an online version of my verification and restructuring
tool next month to go along with the completion of the three-part
series, so I'll update the list when that's available.

  - Dennis

Dennis M. Sosnoski
Java SOA and Web Services Consulting <http://www.sosnoski.com/consult.html>
Axis2/CXF/Metro SOA and Web Services Training
<http://www.sosnoski.com/training.html>
Web Services Jump-Start <http://www.sosnoski.com/jumpstart.html>


On 02/08/2011 04:39 AM, robert wrote:
> My group has a requirement to validate published WSDLs for compliance
> against the WS-I Basic Security Profile.
>
> Perhaps I have misunderstood the requirement, in relationship to the
> 'published' sense?  Or perhaps, the requirement could be refined
> further.  
>
> On Mon, 7 Feb 2011 10:20:04 -0500, Daniel Kulp <dkulp@apache.org>
> wrote:
>   
>> On Monday 07 February 2011 9:55:42 am robert wrote:
>>     
>>> Consider the online help for the WSDL validator tool:
>>> http://cxf.apache.org/docs/wsdlvalidator.html.
>>>
>>> The text states that the following check is performed: "Validate the
>>> WSDL document against custom validation rules, such as those defined by
>>> the Web Services Interoperability (WS-I) organization (i.e. WS-I Basic
>>> Profile rules)."
>>>
>>> I have two questions in this regards,
>>>
>>> (1)  The checks target what version of WS-I Basic Profile?  If it's
>>> not Web Services Interoperability Organization’s Basic Profile, Version
>>> 1.2, could checks be added for this latest version?
>>>
>>>       
>> It's WS-I Basic Profile..   It's not all the rules though.   I think WSI-BP 
>> defines hundreds, if not thousands, of checks.   We're pretty much checking 
>> for the common issues.   If someone wants to go through the BP spec
>> and write
>> additional checks, that would be great.   It's not a priority for
>> *ME* as the
>> existing checks have been fairly adequate.
>>
>>     
>>> (2) Are there any checks performed in relationship to "Web Services
>>> Interoperability Organization’s Basic Security Profile, Version 1.1"...
>>> if not, could there be?
>>>       
>> Well, the WSI-security profile defines on-the-wire rules and such.  
>> It really
>> doesn't  define any rules for anything in the WSDL.   What would a *WSDL* 
>> validator validate with this?
>>     
>   

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message