cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-5001) Support XKMS 2.0
Date Fri, 17 May 2013 15:19:16 GMT

    [ https://issues.apache.org/jira/browse/CXF-5001?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13660782#comment-13660782
] 

Colm O hEigeartaigh commented on CXF-5001:
------------------------------------------

Hi Andrei,

The patch looks good to me. I would say that adding system tests + adding support for chain
trust should be top priorities.

One bug I noticed in reviewing the wiki is that the "RequestId" attribute in some of the messages
is not schema compliant:

<attribute name="RequestId" type="NCName" use="optional"/>

This means it can't start with a number, see here for a similar bug:

https://issues.apache.org/jira/browse/WSS-317

Colm.
                
> Support XKMS 2.0
> ----------------
>
>                 Key: CXF-5001
>                 URL: https://issues.apache.org/jira/browse/CXF-5001
>             Project: CXF
>          Issue Type: New Feature
>          Components: Services
>            Reporter: Andrei Shakirin
>            Assignee: Andrei Shakirin
>         Attachments: xkms.patch
>
>
> Talend is happy to donate the initial XKMS 2.0 implementation to Apache CXF as part of
this Jira.
> XKMS will be contributed as a service (like STS and WS-Discovery) providing standardized
access to central public key infrastructure (PKI) including lookup, validation, registration,
reissuing and revocation of public keys.
> XKMS will help users to manage their certificates centrally instead storing them into
local keystores, that IMO best practice for middle/large service landscapes.
> I tried to describe the use case, architecture and design of XKMS Service in CXF wiki:
> https://cwiki.apache.org/confluence/display/CXF20DOC/XML+Key+Management+Service+%28XKMS%29
> and in the blog: http://ashakirin.blogspot.de/2013/04/cxf-security-getting-certificates-from.html
.
> Attached is the initial draft of XKMS service implementation supporting X509 public keys,
simple File and LDAP storages and providing Web and OSGi deployment. Suggested target CXF
release for XKMS service will be 3.0. Code was designed and implemented by me together with
Christian Schneider (cschneider), reviewed and refactored by Jan Bernhard (jbernhard) and
donated by Talend company.
> Any feedback for this code is welcome. The next tasks will be support revocation lists,
complete validate operation for trusted chains, extend system tests, support new key storages.
> Regards,
> Andrei.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message