cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject WSS4J 2.0 / streaming WS-Security report
Date Tue, 30 Jul 2013 15:31:06 GMT
Hi all,

I thought I would send around an update on the WSS4J 2.0 port in CXF. WSS4J
2.0 offers a new streaming approach to WS-Security based on the work of
Marc Giger (cc'd). Both the DOM and StAX approaches share common
configuration, meaning that you can flip between the different
implementations by just setting a configuration switch. Currently, we
default to the DOM implementation, but that may change before the 3.0
release.

A lot of system tests are available in the ws-security systests if anyone
is interested. Most of the basic Symmetric, Asymmetric + Transport binding
use-cases are working. Here is a list of stuff that is not working, as well
as work items that will be done over the next few months to get it ready
for the 3.0 release:

1) There are some issues with the current approach to using symmetric keys.
We are going to solve this by creating new WSS4J actions for symmetric
encryption + signature.
2) Symmetric + Asymmetric Derived Key use-cases are not working.
3) An AsymmetricBinding use-case which uses a SAMLToken as the
InitiatorToken does not work.
4) EndorsingSupportingTokens are not supported on the client side for
either Symmetric or AsymmetricBindings yet.
5) None of the *Elements XPath expressions are working.
6) We don't support using SecurityTokens yet as the basis for
signing/encryption, so for WS-Trust/SPNEGO use-cases etc. This is held up
by the first point.
7) The STSClient (+ STS itself) have not been ported to use the streaming
code. All of the STS system tests also need to be ported when this is done.
8) There are also some other more minor tasks summarised in the WSS4J JIRA
under the "2.0" version if anyone is inclined to take a look.

Colm.




-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message