ws-fx-dev mailing list archives

From Fred Dushin <fdus...@iona.com>
Subject Re: WS-Security in WSDL
Date Fri, 23 Jun 2006 14:56:23 GMT
Yes, but you can also embed policy in WSDL, using WS-PolicyAttachment.
(http://www.w3.org/Submission/WS-PolicyAttachment/)

I thought this is actually *the* place to put it, if WSDL is the
Web-Services equivalent of an IOR (if not a WS-Addressing endpoint
reference).

-Fred

Anne Thomas Manes wrote:
> You really don't want to specify middleware control information in the
> WSDL. The more appropriate place to specify your security requirements
> is in a WS-Policy file using WS-SecurityPolicy.
>
> Anne
>
> On 6/23/06, *Guy Rixon* <gtr@ast.cam.ac.uk> wrote:
>
>     Hi,
>
>     AFAIK, there is no way to specify completely the WS-Security stuff in WSDL.
>     It's a semantic problem.  For the body parts, the semantics are simple "send
>     this stuff in the message with the stated encoding". For the WS-Security
>     header, the semantics vary according to the use of the header: "sign
>     digitally", "encode",  "encode and sign" etc.  Specifying the wsse:Security
>     header itself is too ambiguous. It doesn't tell a code-generator or a
>     client what to do.
>
>     However, suppose that you derived a schema that included those elements from
>     WS-Security that were relevant to the actual use; e.g. just the elements to
>     express a signature. This would have a new top-level element (derived by
>     restriction from the basic wsse:Security?) that code generators and
>     dynamic clients might recognize. This might work for an in-house solution; I
>     haven't thought it through in detail.
>
>     On Fri, 23 Jun 2006, Martin Kuba wrote:
>
>     > Hi all,
>     >
>     > I am trying to figure out how a WS-Security-enabled webservice
>     > is marked in its WSDL, but after I have read all documentation
>     > on WSS4J which I have found and after googling for an hour,
>     > I still cannot find an answer. I even tried to read the
>     > WS-Security spec itself, but I did not find it there.
>     >
>     > The only piece of information that I found is in gSOAP WSSE
>     > example, where the WSDL has the following added:
>     >
>     > ...
>     >
>     > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>     > ...
>     > <message name="Header">
>     >   <part name="Security" element="wsse:Security"/>
>     > </message>
>     > ...
>     > <operation name="add">
>     >    <SOAP:operation style="rpc" soapAction=""/>
>     >    <input>
>     >       <SOAP:body ... />
>     >       <SOAP:header use="literal" message="tns:Header" part="Security"/>
>     >    </input>
>     > ...
>     >
>     > but that seems to be incorrect, as the wsse:Security element schema
>     > is not even imported. Also such specification only says that
>     > a SOAP header element is needed, but it does not say
>     > whether encryption or signature or username is needed.
>     >
>     > Can somebody point me to more information, please?
>     >
>     > Thanks
>     >
>     > Martin
>     > --
>     > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>     > Supercomputing Center Brno             Martin Kuba
>     > Institute of Computer Science    email: makub@ics.muni.cz
>     > Masaryk University             http://www.ics.muni.cz/~makub/
>     > Botanicka 68a, 60200 Brno, CZ     mobil: +420-603-533775
>     > --------------------------------------------------------------
>     >
>
>     Guy Rixon                                       gtr@ast.cam.ac.uk
>     Institute of Astronomy                          Tel: +44-1223-337542
>     Madingley Road, Cambridge, UK, CB3 0HA          Fax: +44-1223-337523
>
>
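
Added example, not part of the thread and not WSS4J or gSOAP code: a policy embedded in a WSDL and attached to a binding in the WS-PolicyAttachment style, with a small reader that reports whether signature, encryption or a username token is declared for each binding. The sample WSDL, its names (`SignBodyPolicy`, `CalcBinding`, `OpenBinding`, `urn:example:calc`), the helper `binding_requirements` and the choice of the 2004/2005 policy namespaces are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces of the 2004/2005 policy submissions (assumed here, not quoted from the thread).
NS = {"wsdl": "http://schemas.xmlsoap.org/wsdl/",
      "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
      "sp": "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"}
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
# WS-SecurityPolicy assertions mapped to the three needs raised in the original question.
ASSERTIONS = {"SignedParts": "signature", "EncryptedParts": "encryption",
              "UsernameToken": "username-token"}

# Constructed sample: policy embedded in the WSDL and attached to one binding.
SAMPLE_WSDL = f"""<wsdl:definitions xmlns:wsdl="{NS['wsdl']}" xmlns:wsp="{NS['wsp']}"
    xmlns:sp="{NS['sp']}" xmlns:wsu="{WSU}" xmlns:tns="urn:example:calc">
  <wsp:Policy wsu:Id="SignBodyPolicy">
    <wsp:ExactlyOne><wsp:All>
      <sp:SignedParts><sp:Body/></sp:SignedParts>
      <sp:SupportingTokens><wsp:Policy><sp:UsernameToken/></wsp:Policy></sp:SupportingTokens>
    </wsp:All></wsp:ExactlyOne>
  </wsp:Policy>
  <wsdl:binding name="CalcBinding" type="tns:CalcPort">
    <wsp:PolicyReference URI="#SignBodyPolicy"/>
  </wsdl:binding>
  <wsdl:binding name="OpenBinding" type="tns:CalcPort"/>
</wsdl:definitions>"""

def binding_requirements(wsdl_text):
    """Map each wsdl:binding name to the security needs its attached policies declare."""
    # xml.etree is fine for this inline sample; use a hardened parser for untrusted WSDL.
    root = ET.fromstring(wsdl_text)
    by_id = {p.get(f"{{{WSU}}}Id"): p for p in root.findall("wsp:Policy", NS)}
    report = {}
    for binding in root.findall("wsdl:binding", NS):
        needs = set()
        attached = binding.findall("wsp:Policy", NS)          # inline policies
        for ref in binding.findall("wsp:PolicyReference", NS):
            uri = ref.get("URI", "")
            target = by_id.get(uri[1:]) if uri.startswith("#") else None
            if target is None:
                needs.add("unresolved:" + uri)                # surface it, do not skip
            else:
                attached.append(target)
        # Simplification: alternatives under wsp:ExactlyOne are merged, not enumerated.
        for policy in attached:
            for name, label in ASSERTIONS.items():
                if policy.find(f".//sp:{name}", NS) is not None:
                    needs.add(label)
        report[binding.get("name")] = sorted(needs)
    return report

if __name__ == "__main__":
    for name, needs in binding_requirements(SAMPLE_WSDL).items():
        print(name, "->", needs or "no policy attached")
```

A binding that comes back empty, like `OpenBinding` here, declares no security requirement at all, which is worth flagging when reviewing a service contract.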
