Ws-Security - Interoperability Axis2 to/from .NET WCF

[Stadelmann Josef <jo...@axa-winterthur.ch>]

Hi 

I am still hunting for a working example where as the service is a
Axis2/J web service with/without Rampart and the client is a .NET WCF
3.5/4.0 web service client.

I have setup Rampart and went through all examples. Now I am working
through all .NET WCF securiyt examples. The aim is to find some
commonalities which we understand that after all we know how to map the
ws security policy at the axis2 end to app.conf configuration elements
at the .NET side, matching the the security policy at the AXIS2/J end.
Or otherwhise arround.

We feel that if interoperability testing was done by sombody of the
Axis2/J or Rampart community, it would be so nice to get a bit of
insigth in what has been tested, and maybe have the luxury of some
working examples. We don't care now if authentication is done by
client/service certificates or any username / password combination, as
well we don't care about the used encoding/decoding cipher algo use to
cipher/decipher the message body. 

Any hints are wellcome as a starter. Any maping explanation maping
security elements from axis2/j rampart to .NET WCF

Also - we have only the issue to encipher/decipher one filed of the
message body right now which is at the moment the password. 

So wher do we start best with :NET WCF and Axis2/J for just that.

Looking at this mail archive - Interoperabillity seems to be an always
burning issue !

and yes - we know that the Metro stack with its WSIT capability does
much better ws security interoperability job then many other ws stacks. 
But before we migrate away from Axis2/Rampart at the service side end to
Metro we like to have this discussed here.

Josef

Re: Ws-Security - Interoperability Axis2 to/from .NET WCF

[Amila Jayasekara <am...@wso2.com>]

On Mon, Jan 16, 2012 at 2:20 PM, Stadelmann Josef
<jo...@axa-winterthur.ch> wrote:
> Hi
>
> I am still hunting for a working example where as the service is a Axis2/J
> web service with/without Rampart and the client is a .NET WCF 3.5/4.0 web
> service client.
>
> I have setup Rampart and went through all examples. Now I am working through
> all .NET WCF securiyt examples. The aim is to find some commonalities which
> we understand that after all we know how to map the ws security policy at
> the axis2 end to app.conf configuration elements at the .NET side, matching
> the the security policy at the AXIS2/J end. Or otherwhise arround.
>
> We feel that if interoperability testing was done by sombody of the Axis2/J
> or Rampart community, it would be so nice to get a bit of insigth in what
> has been tested, and maybe have the luxury of some working examples. We
> don’t care now if authentication is done by client/service certificates or
> any username / password combination, as well we don't care about the used
> encoding/decoding cipher algo use to cipher/decipher the message body.
>
> Any hints are wellcome as a starter. Any maping explanation maping security
> elements from axis2/j rampart to .NET WCF
>
> Also – we have only the issue to encipher/decipher one filed of the message
> body right now which is at the moment the password.
>
> So wher do we start best with :NET WCF and Axis2/J for just that.
>
> Looking at this mail archive - Interoperabillity seems to be an always
> burning issue !
>
> and yes – we know that the Metro stack with its WSIT capability does much
> better ws security interoperability job then many other ws stacks.
>
> But before we migrate away from Axis2/Rampart at the service side end to
> Metro we like to have this discussed here.

Hi Josef,

Rampart had some inter-op integration tests with "Microsoft Interop
Server". You can find some of the interop tests in [1]. But in recent
past, some of the security endpoints are not accessible in "Microsoft
Interop Plug Fest" [3]. Therefore we were unable to run these tests as
a continuous process. I believe you will be able use [1] as a starting
point.

I do agree that there are limited resources on WS-Security
interoperability. Currently we are working on some enhancements on
Rampart. We will try our best to publish some blog posts on
WS-Security interoperability.

Thanks
AmilaJ

[1] https://svn.wso2.org/repos/wso2/trunk/interop/test-suites/security/
[2] http://mssoapinterop.org/
[3] http://131.107.72.15/Security_WsSecurity_Service_Indigo/



>
> Josef



-- 
Mobile : +94773330538

---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscribe@axis.apache.org
For additional commands, e-mail: java-user-help@axis.apache.org