ws-wss4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruchith Fernando <ruchith.ferna...@gmail.com>
Subject SignatureConfirmation with handler chaining
Date Fri, 04 Nov 2005 06:51:02 GMT
Hi Werner,

If possible, can you please give me some points as to what we need to
do to get sig-confirmation working with handler chaining in Axis 1.x.

I'm trying to do the same with Axis2 security module.

> Sep 6, 2005: Extending WSS4J to the new OASIS specs - first impl of SignatureConfirmation
:
>
> If anybody is going to test this _and_ uses the handler chaining
> feature of WSS4J pls ask for additional info. In this case one
> specific modification in the WSDD files may be required.


Thanks,
Ruchith

On 9/6/05, Werner Dittmann <Werner.Dittmann@t-online.de> wrote:
> All,
>
> with the next checkin a first step of the SIgnatureConfirmation
> feature of WSS 1.1 is done.
>
> Because of some open issues with the spec this first implementation
> assumes:
>
> - generate SignatureConfirmation for every Signature of every
>   wsse:Security header of the request - there my be several
>   wsse:Security headers in one request (with different actor/role)
>
> - place all SignatureConfirmation elements together in one
>   wsse:Security header of the response. This because it is not
>   necessary that the wsse:Security headers have a one-to-one
>   relationship with the request headers.
>
> - do not sign SignatureConfirmation yet - here are IMHO some open issues
>   in the spec
>
> - do not encrypt even if the Signature block of the request was
>   encrypted. I doubt if such an encryption makes sense.
>
> To enable and test this feature you need to download the source
> from SVN (trunk head), set the variable "enableSignatureConfirmation"
> to "true" (for the time being it set to "false" by default).
>
> If anybody is going to test this _and_ uses the handler chaining
> feature of WSS4J pls ask for additional info. In this case one
> specific modification in the WSDD files may be required.
>
> Regards,
> Werner
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>


--
Ruchith

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Mime
View raw message