Posted to users@cxf.apache.org by Vadim Dmitriev <dm...@mail.ru> on 2012/01/23 12:56:39 UTC

Re[2]: WS with non-standard algorithm for signature computation

I already read your article (BTW, thank you for writing it!), but haven't found how to declare a custom AlgorithmSuite in WSDL properly.
Is it the right way?
<wss:AlgorithmSuite> 
    <wsp:Policy>
        <someNameSpace:customSuite />
    </wsp:Policy>
</wss:AlgorithmSuite>

The WS-SP specification doesn't define how to extend AS, only lists predefined algorithms, so I'm afraid to use some unspecified controversial approach which won't be supported anywhere except CXF.

P.S.
Honestly, I was looking for something like
<AlgorithmSuite id="customSuite">
    <DigestAlgorithm id="..." />
    <EncryptionAlgorithm id="..." />
</AlgorithmSuite>
This way 3rd parties will have algorithm IDs to use in the WS-S header (i.e. these IDs will be declared in WSDL, not in some external convention).

--Vadim


23 January 2012, 14:07 from Colm O hEigeartaigh <co...@apache.org>:
> > - not possible to extend WS-SP declaration to use new AlgorithmSuite
> 
> It is possible to do this, see here for more information:
> 
> http://coheigea.blogspot.com/2011/09/specifying-custom-algorithmsuite.html
> 
> Colm.
> 
> --
> Colm O hEigeartaigh
> 
> Talend Community Coder
> http://coders.talend.com
> 

Re: WS with non-standard algorithm for signature computation

Posted by Colm O hEigeartaigh <co...@apache.org>.
I added some system tests to show how to specify a custom
AlgorithmSuite to use an AES-GCM algorithm for encryption:

http://svn.apache.org/viewvc?view=revision&revision=1235775

<sp:AlgorithmSuite>
   <wsp:Policy>
      <sp:Basic128GCM/>
   </wsp:Policy>
</sp:AlgorithmSuite>

The tests are @Ignore'd until we pick up WSS4J 1.6.5, but you should
be able to adapt it easily enough for your own test case.

Colm.

2012/1/23 Dmitriev Vadim <dm...@mail.ru>:
> Colm,
>
> Thank you very much for sharing your experience. At least now I know that
> I'm walking on unstable ground.
>
> Regards.
> -- Vadim
>
>
> On 23.01.2012 16:19, Colm O hEigeartaigh wrote:
>>>
>>> I already read your article (BTW, thank you for writing it!), but haven't
>>> found how to declare a custom AlgorithmSuite in WSDL properly.
>>> Is it the right way?
>>> <wss:AlgorithmSuite>
>>>    <wsp:Policy>
>>>        <someNameSpace:customSuite />
>>>    </wsp:Policy>
>>> </wss:AlgorithmSuite>
>>
>> There is no "proper" way of declaring custom AlgorithmSuites in the
>> WSDL, as it's not supported in the WS-SP specification, as you point
>> out. The example that was linked in the blog just overrides the
>> Basic128 AlgorithmSuite to allow 512 bit asymmetric keys. Your policy
>> statement above looks fine to me though.
>>
>> Colm.
>>
>> On Mon, Jan 23, 2012 at 11:56 AM, Vadim Dmitriev<dm...@mail.ru>  wrote:
>>>
>>> I already read your article (BTW, thank you for writing it!), but haven't
>>> found how to declare a custom AlgorithmSuite in WSDL properly.
>>> Is it the right way?
>>> <wss:AlgorithmSuite>
>>>    <wsp:Policy>
>>>        <someNameSpace:customSuite />
>>>    </wsp:Policy>
>>> </wss:AlgorithmSuite>
>>>
>>> The WS-SP specification doesn't define how to extend AS, only lists
>>> predefined algorithms, so I'm afraid to use some unspecified controversial
>>> approach which won't be supported anywhere except CXF.
>>>
>>> P.S.
>>> Honestly, I was looking for something like
>>> <AlgorithmSuite id="customSuite">
>>>    <DigestAlgorithm id="..." />
>>>    <EncryptionAlgorithm id="..." />
>>> </AlgorithmSuite>
>>> This way 3rd parties will have algorithm IDs to use in the WS-S header (i.e.
>>> these IDs will be declared in WSDL, not in some external convention).
>>>
>>> --Vadim
>>>
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: WS with non-standard algorithm for signature computation

Posted by Dmitriev Vadim <dm...@mail.ru>.
Colm,

Thank you very much for sharing your experience. At least now I know 
that I'm walking on unstable ground.

Regards.
-- Vadim

On 23.01.2012 16:19, Colm O hEigeartaigh wrote:
>> I already read your article (BTW, thank you for writing it!), but haven't found how to declare a custom AlgorithmSuite in WSDL properly.
>> Is it the right way?
>> <wss:AlgorithmSuite>
>>     <wsp:Policy>
>>         <someNameSpace:customSuite />
>>     </wsp:Policy>
>> </wss:AlgorithmSuite>
> There is no "proper" way of declaring custom AlgorithmSuites in the
> WSDL, as it's not supported in the WS-SP specification, as you point
> out. The example that was linked in the blog just overrides the
> Basic128 AlgorithmSuite to allow 512 bit asymmetric keys. Your policy
> statement above looks fine to me though.
>
> Colm.
>
> On Mon, Jan 23, 2012 at 11:56 AM, Vadim Dmitriev<dm...@mail.ru>  wrote:
>> I already read your article (BTW, thank you for writing it!), but haven't found how to declare a custom AlgorithmSuite in WSDL properly.
>> Is it the right way?
>> <wss:AlgorithmSuite>
>>     <wsp:Policy>
>>         <someNameSpace:customSuite />
>>     </wsp:Policy>
>> </wss:AlgorithmSuite>
>>
>> The WS-SP specification doesn't define how to extend AS, only lists predefined algorithms, so I'm afraid to use some unspecified controversial approach which won't be supported anywhere except CXF.
>>
>> P.S.
>> Honestly, I was looking for something like
>> <AlgorithmSuite id="customSuite">
>>     <DigestAlgorithm id="..." />
>>     <EncryptionAlgorithm id="..." />
>> </AlgorithmSuite>
>> This way 3rd parties will have algorithm IDs to use in the WS-S header (i.e. these IDs will be declared in WSDL, not in some external convention).
>>
>> --Vadim
>>


Re: Re[2]: WS with non-standard algorithm for signature computation

Posted by Colm O hEigeartaigh <co...@apache.org>.
> I already read your article (BTW, thank you for writing it!), but haven't found how to declare a custom AlgorithmSuite in WSDL properly.
> Is it the right way?
> <wss:AlgorithmSuite>
>    <wsp:Policy>
>        <someNameSpace:customSuite />
>    </wsp:Policy>
> </wss:AlgorithmSuite>

There is no "proper" way of declaring custom AlgorithmSuites in the
WSDL, as it's not supported in the WS-SP specification, as you point
out. The example that was linked in the blog just overrides the
Basic128 AlgorithmSuite to allow 512 bit asymmetric keys. Your policy
statement above looks fine to me though.

Colm.

On Mon, Jan 23, 2012 at 11:56 AM, Vadim Dmitriev <dm...@mail.ru> wrote:
> I already read your article (BTW, thank you for writing it!), but haven't found how to declare a custom AlgorithmSuite in WSDL properly.
> Is it the right way?
> <wss:AlgorithmSuite>
>    <wsp:Policy>
>        <someNameSpace:customSuite />
>    </wsp:Policy>
> </wss:AlgorithmSuite>
>
> The WS-SP specification doesn't define how to extend AS, only lists predefined algorithms, so I'm afraid to use some unspecified controversial approach which won't be supported anywhere except CXF.
>
> P.S.
> Honestly, I was looking for something like
> <AlgorithmSuite id="customSuite">
>    <DigestAlgorithm id="..." />
>    <EncryptionAlgorithm id="..." />
> </AlgorithmSuite>
> This way 3rd parties will have algorithm IDs to use in the WS-S header (i.e. these IDs will be declared in WSDL, not in some external convention).
>
> --Vadim
>
>
> 23 January 2012, 14:07 from Colm O hEigeartaigh <co...@apache.org>:
>> > - not possible to extend WS-SP declaration to use new AlgorithmSuite
>>
>> It is possible to do this, see here for more information:
>>
>> http://coheigea.blogspot.com/2011/09/specifying-custom-algorithmsuite.html
>>
>> Colm.
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
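
Added example, not part of the thread and not CXF code: a check a consuming party could run over a policy to tell whether each AlgorithmSuite assertion is one that WS-SP predefines or a custom extension of the kind discussed above, which has to be agreed out of band. The sample policy, the `urn:example:custom-policy` namespace and the binding of the `sp` prefix to the WS-SP 1.2 namespace are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces of WS-Policy 1.2/1.5 and WS-SecurityPolicy 1.1/1.2.
WSP_NS = {"http://schemas.xmlsoap.org/ws/2004/09/policy",
          "http://www.w3.org/ns/ws-policy"}
SP_NS = {"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",
         "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"}
# The suites WS-SP predefines: four bases times four variants.
STANDARD = {b + v for b in ("Basic256", "Basic192", "Basic128", "TripleDes")
            for v in ("", "Rsa15", "Sha256", "Sha256Rsa15")}
# Non-suite assertions WS-SP also allows inside sp:AlgorithmSuite.
OPTIONS = {"InclusiveC14N", "SOAPNormalization10", "STRTransform10",
           "XPath10", "XPathFilter20", "AbsXPath"}

def qname(el):
    """Split an ElementTree tag '{ns}local' into (ns, local)."""
    if el.tag.startswith("{"):
        ns, _, local = el.tag[1:].partition("}")
        return ns, local
    return "", el.tag

def audit_algorithm_suites(policy_xml):
    """Return (namespace, name, is_ws_sp_predefined) per suite assertion."""
    findings = []
    # Parse only policy files you trust; swap in defusedxml for untrusted input.
    for suite in ET.fromstring(policy_xml).iter():
        if qname(suite) not in {(ns, "AlgorithmSuite") for ns in SP_NS}:
            continue
        for el in suite.iter():
            ns, local = qname(el)
            if el is suite or ns in WSP_NS:   # skip wsp:Policy/ExactlyOne/All
                continue
            if ns in SP_NS and local in OPTIONS:
                continue
            findings.append((ns, local, ns in SP_NS and local in STANDARD))
    return findings

# Constructed sample: one predefined suite and the two custom forms from the thread.
SAMPLE = """<wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
    xmlns:ex="urn:example:custom-policy">
  <sp:AlgorithmSuite><wsp:Policy><sp:Basic128/><sp:InclusiveC14N/></wsp:Policy></sp:AlgorithmSuite>
  <sp:AlgorithmSuite><wsp:Policy><sp:Basic128GCM/></wsp:Policy></sp:AlgorithmSuite>
  <sp:AlgorithmSuite><wsp:Policy><ex:customSuite/></wsp:Policy></sp:AlgorithmSuite>
</wsp:Policy>"""

if __name__ == "__main__":
    for ns, name, ok in audit_algorithm_suites(SAMPLE):
        print(f"{name:12} {'WS-SP predefined' if ok else 'custom extension'}  ({ns})")
```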