You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by Heshan Suriyaarachchi <he...@gmail.com> on 2008/03/16 05:32:54 UTC
Auditing support for Apache Rampart - GSoC 2008
Hi
I am a 3rd year Computer Science undergraduate of University of Colombo
School of Computing (UCSC) . I am hoping to participate in this year's
google summer of code.I went through the Apache Project Idea's List and
found this project interesting.
As it is said systematic audit record generation is considered a
mission-critical function in any software development environment. Apache
Rampart is the security module of Axis2. It secures SOAP messages according
to specifications in the WS-Security stack. Rampart currently doesn't store
the auditing details about SOAP messages.
I would like to know what are the additional features that should be
implemented under this project.
Thanx in advance
Heshan Suriyaarachchi
Re: Auditing support for Apache Rampart - GSoC 2008
Posted by Martin Gainty <mg...@hotmail.com>.
did'nt see this specific feature in the most recently published OASIS doc
located at
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-securit
y-1.0.pdf
Perhaps you could enlighten us as to where this feature is located in
WS-Security docs?
(if not you may want to consider contacting the committers for further
insight)
Thanks
Martin
----- Original Message -----
From: "Heshan Suriyaarachchi" <he...@gmail.com>
To: <ra...@ws.apache.org>
Sent: Saturday, March 15, 2008 11:32 PM
Subject: Auditing support for Apache Rampart - GSoC 2008
> Hi
> I am a 3rd year Computer Science undergraduate of University of
Colombo
> School of Computing (UCSC) . I am hoping to participate in this year's
> google summer of code.I went through the Apache Project Idea's List and
> found this project interesting.
>
> As it is said systematic audit record generation is considered a
> mission-critical function in any software development environment. Apache
> Rampart is the security module of Axis2. It secures SOAP messages
according
> to specifications in the WS-Security stack. Rampart currently doesn't
store
> the auditing details about SOAP messages.
>
> I would like to know what are the additional features that should be
> implemented under this project.
>
>
> Thanx in advance
> Heshan Suriyaarachchi
>
Re: Auditing support for Apache Rampart - GSoC 2008
Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi,
I don't thing there is a standard / specification about keeping
audit details in the WS-Sec* specs as it is an implementation specific
thing. So we will have to come up with a feature list and decide how
we are going to do this. I think Axis2/Rampart users/developers can
help giving ideas about what information should be stored, how those
can be secured and how those can be presented.
I found this [1] document to be bit useful.
thanks,
nandana
[1] - csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf