ws-wss4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Werner Dittmann <Werner.Dittm...@t-online.de>
Subject Re: SignatureConfirmation with handler chaining
Date Fri, 04 Nov 2005 13:57:40 GMT
Ruchith,

need to look at what was wrong when doing chaining. I'll check
my internal testcases and give you some info tomorrow.

Regards,
Werner

Ruchith Fernando wrote:
> Hi Werner,
> 
> If possible, can you please give me some points as to what we need to
> do to get sig-confirmation working with handler chaining in Axis 1.x.
> 
> I'm trying to do the same with Axis2 security module.
> 
> 
>>Sep 6, 2005: Extending WSS4J to the new OASIS specs - first impl of SignatureConfirmation
:
>>
>>If anybody is going to test this _and_ uses the handler chaining
>>feature of WSS4J pls ask for additional info. In this case one
>>specific modification in the WSDD files may be required.
> 
> 
> 
> Thanks,
> Ruchith
> 
> On 9/6/05, Werner Dittmann <Werner.Dittmann@t-online.de> wrote:
> 
>>All,
>>
>>with the next checkin a first step of the SIgnatureConfirmation
>>feature of WSS 1.1 is done.
>>
>>Because of some open issues with the spec this first implementation
>>assumes:
>>
>>- generate SignatureConfirmation for every Signature of every
>>  wsse:Security header of the request - there my be several
>>  wsse:Security headers in one request (with different actor/role)
>>
>>- place all SignatureConfirmation elements together in one
>>  wsse:Security header of the response. This because it is not
>>  necessary that the wsse:Security headers have a one-to-one
>>  relationship with the request headers.
>>
>>- do not sign SignatureConfirmation yet - here are IMHO some open issues
>>  in the spec
>>
>>- do not encrypt even if the Signature block of the request was
>>  encrypted. I doubt if such an encryption makes sense.
>>
>>To enable and test this feature you need to download the source
>>from SVN (trunk head), set the variable "enableSignatureConfirmation"
>>to "true" (for the time being it set to "false" by default).
>>
>>If anybody is going to test this _and_ uses the handler chaining
>>feature of WSS4J pls ask for additional info. In this case one
>>specific modification in the WSDD files may be required.
>>
>>Regards,
>>Werner
>>
>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
> 
> 
> 
> --
> Ruchith
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Mime
View raw message