incubator-general mailing list archives

From: Anne Thomas Manes <atma...@gmail.com>
Subject: Re: [PROPOSAL] Apache TSIK
Date: Sat, 21 May 2005 12:00:59 GMT

I assume that 
--> org.apache.tsik.xmlsig        XML decryption

is meant to be this:
--> org.apache.tsik.xmlsig        XML signature

I think it's a great idea.

Anne

On 5/20/05, Davanum Srinivas <davanum@gmail.com> wrote:
> Hi all,
> 
> please send feedback directly on general@incubator.apache.org.
> 
> thanks,
> dims
> 
> ---------- Forwarded message ----------
> From: Granqvist, Hans <hgranqvist@verisign.com>
> Date: May 17, 2005 6:10 PM
> Subject: [PROPOSAL] Apache TSIK
> To: general@incubator.apache.org
> 
> 
> Proposal
> --------
> This is a proposal to submit the Trust Services Integration
> Toolkit (TSIK) to ASF.  TSIK is a Java toolkit that VeriSign
> has been developing since 2001, and it is the basis of several
> products developed by VeriSign.
> 
> The intent with Apache TSIK is to create a web services project
> to implement standards as defined by W3C, OASIS, and others:
> 
> *  Basic XML security standards (XML signature, XML encryption)
> *  WS-* standards, and
> *  Other related standards (for example XKMS and SAML)
> 
> A full list of standards can be found at the end of the email.
> Emphasis has so far been placed on security-related standards.
> 
> TSIK is a toolkit that is suitable for implementing client as
> well as server side components.  Several commercial products built
> using TSIK are in current use.
> 
> 
> Rationale
> ---------
> It is easy to misunderstand the sometimes complex XML security
> standards. We have found that improper use of APIs inadvertently
> causes most security issues.
> 
> TSIK was therefore designed to be simple and easy to use. Rather
> than trying to implement 100% of a specific standard, we wanted to
> provide simplified APIs that would make sense in most use cases.
> However, what's implemented will always be to specification.
> 
> VeriSign believes the slow pace of adoption of Web Services can be
> attributed partly to the lack of open source toolkits. We believe
> that making a toolkit like TSIK available to the community will
> increase the momentum.
> 
> Currently Apache offers two projects related to Web Services
> security:
> 
> a. The XML security project, which implements basic XML signature
>    and XML encryption, and
> 
> b. The WS-FX project, which aims at implementing existing WS*
>    standards.
> 
> The WS-FX project is an umbrella for several sub projects. The
> composability of WS standards means that a division into a
> subproject structure is reasonable.  WS-FX's main emphasis, though
> not the only way of deployment, is by way of Axis filters.
> 
> We propose TSIK as a separate project, somewhat competitive to
> WS-FX, but focused more on a toolkit usage model. Within the ASF,
> there are already examples of more or less competing projects
> (e.g., XML parsers). There is a belief that such internal
> competition is healthy.
> 
> There are a number of Java Community Process JSR's in various stages
> of development.  These JSR APIs will probably end up in ASF projects,
> some sooner than later.  For example, JSR-105 (XML digital signature)
> is already in the final stages and its APIs will likely in time
> supplant or complement the current Apache XML security suite.
> 
> Other JSR's of interest include JSR-106 (XML encryption) and JSR-183
> (WS-Security), which will also migrate to a set of APIs that will find
> their way into Apache.
> 
> The JSR APIs often strive to completely implement each specification.
> While this is sometimes valuable, few applications use more than the
> most common functions.  Again, TSIK is designed to simplify security
> usage as much as possible.
> 
> The long term goal of TSIK could be to use existing underlying
> Apache projects, such as XML security suite.
> 
> The initial implementation will be in Java, with support for J2SE
> 1.3 and up.
> 
> As a main author of many WS standards, VeriSign will also work to
> resolve the IP issues regarding some WS* standards.
> 
> 
> Scope
> ------
> TSIK will implement the WS-* stack of standards.  To do this, basic
> XML security standards need to be implemented, as discussed above
> in the introduction.  Most of this functionality already exists in
> TSIK.
> 
> Our initial plan is to implement support for the following
> specifications in this order: WS-Security, WS-Trust,
> WS-SecureConversation (WS-Addressing), WS-SecurityPolicy (WS-Policy),
> WS-Reliable-Messaging, WS-Federation (Liberty) and SAML 2.0, but
> what gets implemented will in the end be decided by the community
> process.
> 
> TSIK should also make it easy to conform to WS-I profiles, for
> instance, the Basic Security Profile.
> 
> We believe in an active participation in interop events. There will
> be APIs for use cases as defined by interop events in OASIS, W3C,
> etc., as well as profiles issues discussed via WS-I.
> 
> Interoperability is paramount and the TSIK test suites shall strive
> to always interoperate with other implementations.
> 
> 
> Known risks
> ------------
> 
> ---Orphaned products
> TSIK has always been distributed in binary form.  Many customers have
> requested access to the source to add functionality to the TSIK code
> base.
> 
> ---Commercial interest
> The current commercial products built on TSIK have been found to
> have no claims on the source code.  VeriSign does not plan to develop
> parallel in-house versions of TSIK, but spend all efforts on the ASF
> TSIK project.
> 
> ---Inexperience with Open Source
> Some TSIK developers are already in OS-based businesses.  However,
> VeriSign has limited experience working on open source projects, but
> has extensive experience in creating many open WS* standards, and hopes
> this will aid in the transition to the open source community.
> 
> ---Initial Reliance on Salaried Workers
> It is believed that, initially, most TSIK development will be done by
> salaried workers.  They will not necessarily be employed by VeriSign,
> though.  As mentioned above, VeriSign partners and customers have
> expressed interest in taking part in developing TSIK.
> 
> ---Licensing, Patents, Miscellaneous Legal
> The IP rights surrounding some WS-* standards can be difficult to
> understand.  As a co-author of many WS-* standards, VeriSign will work
> with Apache to make sure those issues are resolved in the community.
> 
> 
> Initial source
> --------------
> TSIK has been in development since around 2001 and has an active user
> base (currently over 200 members in the user group).  As mentioned
> above, it is the basis of several products developed by VeriSign.
> 
> TSIK contains implementations of the XML signature, XML encryption
> standards, XKMS and SAML, and WS-Security, etc.  It also contains
> utility classes to make DOM and XPath easier to use, constructing and
> parsing SOAP messages, etc.
> 
> The current Java source code uses Apache libraries and tools (for
> example ant, xerces, xalan, log4j).  It also uses JUnit for test
> coverage.  The build process builds complete documentation (including
> javadocs) and contains sample source code to describe usage patterns.
> 
> 
> Source submission plan
> -----------------------
> The following Java packages will be submitted:
> 
> Package name                  Purpose
> ------------------------------------------------------
> org.apache.tsik.crl           CRL handling
> org.apache.tsik.datatypes     Passive data types of general utility
> org.apache.tsik.domutil       A simplified interface to DOM
> org.apache.tsik.messaging     XML messaging framework
> org.apache.tsik.resource      Basic XML facilities (e.g., parsing)
> org.apache.tsik.xmlenc        XML encryption
> org.apache.tsik.xmlsig        XML decryption
> org.apache.tsik.xmlsig.tools  Pkcs#12, #8, JCA/JCE utilities
> org.apache.tsik.xpath         XPath implementation
> org.apache.tsik.wss           WS-Security implementation (*)
> org.apache.tsik.wst           WS-Trust implementation (*)
> org.apache.tsik.wsa           WS-Addressing (*)
> org.apache.tsik.verifier      Assess trust of public keys and
>                               certificates
> org.apache.tsik.test.*        JUnit test suites for all packages
> 
> (*) The WS-* implementations are in various levels of completion.
> 
> There are more packages in TSIK.  We want to keep the initial
> submission as small as possible to increase its chances of adoption.
> 
> As TSIK is being incubated, we plan to propose adding the following
> packages.  Our plan is to accomplish this within three months of the
> original submission, if there is interest in the group:
> 
> Package name                        Purpose
> ----------------------------------------------------------
> org.apache.tsik.xkms.client         Client XKMS APIs
> org.apache.tsik.xkms.tools          Tools, such as XKMS-aware keystores
> org.apache.tsik.util.failover       For failsafe implementation
> org.apache.schema                   XML Schema validation
> org.apache.tsik.saml                SAML 1.0 implementation
> org.apache.tsik.cryptostream        Streaming crypto framework
> org.apache.tsik.cryptostream.pkcs7  Pkcs #7 streams
> org.apache.tsik.pki.client          PKI lifecycle (certificate enroll,
>                                     renew, revoke, etc., operations.)
> org.apache.tsik.dime                Implementation of DIME (*)
> 
> (*) This package should be updated to comply with latest binary
> attachment standard, e.g., SwA.
> 
> 
> Resources
> ----------
> We foresee only standard Apache developer resources to be created,
> such as cvs/subversion, developer mailing lists, etc.
> 
> 
> Documentation
> -------------
> TSIK is today available for download (binary code only) from
> http://www.verisign.com/developer/xml/ .
> 
> The developer community mailing list is hosted by yahoo on
> http://groups.yahoo.com/group/tsik/
> 
> 
> Initial committers
> ------------------
> Hans Granqvist (hgranqvist@verisign.com)
> Mark Hayes (mark@sleepycat.com)
> 
> Apache sponsor/champion
> ---------------------------
> Davanum Srinivas (dims@yahoo.com)
> 
> List of implemented XML standards
> ----------------------------------
> These are XML standards implemented in TSIK.
> 
> XPath                   http://www.w3.org/TR/xpath
> Encryption              http://www.w3.org/TR/xmlenc-core/
> Signature               http://www.w3.org/TR/xmldsig-core/
> Canonicalization        http://www.w3.org/TR/xml-c14n
> Exclusive c14n          http://www.w3.org/TR/xml-exc-c14n/
> XKMS                    http://www.w3.org/TR/xkms/
> 
> WS-Addressing           http://www.w3.org/Submission/ws-addressing/
> 
> WS-Security     1.0 (March 15, 2004)
>    http://docs.oasis-open.org/wss/2004/01/\
>    oasis-200401-wss-soap-message-security-1.0.pdf
> 
> WS-Trust (February 2005 draft)
>    ftp://www6.software.ibm.com/software/developer/library/ws-trust.pdf
> 
> 
> Contact
> -------
> Hans Granqvist, Web Services Architect
> VeriSign, Inc.
> 487 East Middlefield Road
> M/S MV6-2-1
> Mountain View, CA 94043
> 
> Email: hgranqvist@verisign.com
> Phone: +1-650-426-5232
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
> 
> 
> 
> --
> Davanum Srinivas - http://webservices.apache.org/~dims/
>
