ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andreas Veithen (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (AXIOM-316) Axiom based XML Security Implemenation
Date Sun, 10 Jul 2011 16:26:01 GMT

     [ https://issues.apache.org/jira/browse/AXIOM-316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Andreas Veithen resolved AXIOM-316.
-----------------------------------

       Resolution: Won't Fix
    Fix Version/s:     (was: 1.3)

This will probably never be included in the Axiom code base. Reasons:
* This JIRA issue is stalled for more than two years and there is obviously no longer any
interest of the authors to integrate that code into Axiom (and to maintain it).
* In contrast to what has been claimed in one of the previous comments, the code is clearly
a fork of the Santuario project (org.apache.xml.security). Although there is no legal issue
with that, for obvious reasons we would have to discuss that with the Santuario folks before
adding the code to Axiom.
* In order to have a full Axiom-only WS-Security implementation in Axis2, one would also have
to fork WSS4J. [1] explains why this is not a good approach.

[1] http://markmail.org/thread/nomij6tx66fqwad2

> Axiom based XML Security Implemenation
> --------------------------------------
>
>                 Key: AXIOM-316
>                 URL: https://issues.apache.org/jira/browse/AXIOM-316
>             Project: Axiom
>          Issue Type: Improvement
>            Reporter: Saliya Ekanayake
>            Assignee: Nandana Mihindukulasooriya
>         Attachments: thomara.zip, thomara_updated.zip
>
>
> Apache Axis2 has proven its performance over other Web services engines over the past
couple of years. Its success mainly comes through the usage of Apache Axiom, which is an XML
infoset model based on the StAX API. Axis2, however, handles Web services security by means
of the Apache Rampart which in turn depends on DOM based implementations of XML security and
WS-Security. The main deficiency of this is the performance loss due to object model conversion.
Therefore, it is mandatory to come up with an Axiom based security implementation to regain
the performance of Axis2 in the case of handling secured messages. 
> The zip file included in the JIRA contains a completely Axiom based implementation of
XML Security which implements the following two specifications.
> 1. XML Encryption Syntax and Processing at http://www.w3.org/TR/xmlenc-core/
> 2. XML Signature Syntax and Processing (Second Edition) at http://www.w3.org/TR/xmldsig-core/
> Thus, it would be useful for the Apache community and for others who use Axis2 to have
this code under Apache. A WS-Security implementation based on Axiom could follow up on top
of this afterwards to fulfi the requirement of an Axiom based security implementation.
> Thanks,
> Saliya

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message