From: general@ws.apache.org
To: general@ws.apache.org
Subject: [Apache Web Services Wiki] Updated: WSS4C
Date: Wed, 02 Mar 2005 15:20:48 -0000
Message-ID: <20050302152048.21495.4686@minotaur.apache.org>

Date: 2005-03-02T07:20:48
Editor: SameeraPerera
Wiki: Apache Web Services Wiki
Page: WSS4C
URL: http://wiki.apache.org/ws/WSS4C

no comment

Change Log:

------------------------------------------------------------------------------
@@ -33,25 +33,14 @@ =3D=3D=3D Security Tokens =3D=3D=3D = =3D=3D=3D XML Signature =3D=3D=3D -WSS4C implementation of the XML Digital Signatures for SOAP Message Securi= ty, makes heavy use = -of the Apache’s XML Security libraries (http://xml.apache.org/securi= ty). +This section describes the WSS4C implementation of the Digital Signatures = for SOAP Message Security. Figure 2-1 illustrates the overall goals of the = implementation. = -The following schematic diagrams show the current architectural view of th= e WSS4C SOAP message = -signature validation processes. +attachment:fig2-1.gif +"Figure 2-1" = -attachment:verification.gif +2.1 Architecture of Digital Signature Implementation = -Client process, such as an Axis C++ inflow handler would invoke = -["WSSecurityEngine"]::processSecurityHeader on the incomming SOAP message = envelope. This method = -will step through all elements of the header block process= ing each sub element = -encountered. - -In the context of this section of the WSS4C implementation, this would res= ult in -1. A list of prefetched WSS Tokens to be used in the Signature validation = process (e.g. a = -BinarySecurityToken containing the X.509 certificate). This notion of pref= etching is based on = -the recommendation made in section 8.2 of the WS-Security 2004 specificati= on. - -2. A call to SignatureVerifier::verify method on all elemen= ts encountered. +2.2 Current Issues = =3D=3D=3D XML Encryption =3D=3D=3D The implementation of WSS4C has used Section 9 (Encryption) of OASIS WSS: = SOAP Message Security 1.0 specification, as its starting point. As such, th= e development effort can be viewed as a “bottom-up” process.
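Review bot: The added headings "2.1 Architecture of Digital Signature Implementation" and "2.2 Current Issues" have no body text, while the lines removed above them were the page's description of the signature validation flow: the ["WSSecurityEngine"]::processSecurityHeader entry point, the prefetching of WSS tokens such as a BinarySecurityToken containing the X.509 certificate (following section 8.2 of the WS-Security 2004 specification), and the call to SignatureVerifier::verify. The sentence stating that the implementation relies on the Apache XML Security libraries is dropped as well. Suggest moving the removed paragraphs under 2.1 instead of deleting them, so the page still documents how tokens are resolved before a signature is verified. The two new headings are also plain text rather than the "=== ... ===" markup used by the surrounding "XML Signature" and "XML Encryption" context lines, and the change log entry "no comment" gives no reason for the removal.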