You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by "Dittmann, Werner" <we...@siemens.com> on 2005/11/23 08:30:25 UTC

Checking security actions (was: Header element ordering iterop problem with .NET?)

All,

during the discussion with Allen IMHO we should have a closer
look into the WS-Policy* stuff (again). WSS4J as it stands now
(not looking at the sandbox code) provides methods to create
Sceurity headers in a request and to parse/validate them.

The check at the receiver if the request contains all required
security actions is rudimentary only. 

To enhance the action checking and also the way how the sender 
controls the setup the request we shall consider to use WS-Policy*
specs.

Some ideas:
- At the sender side we could have a parser that sets up internal 
  structures that drive/control how the WSS4J handlers create the
  security functions (some time ago this topic was shortly discussed
  on this list, I'll have a look in the archives). To avoid to much
  parsing we need to have some sort of "global, per service" location
  to store this internal structure (somewhere in the Axis data 
  structures?)

- At the receiver side a similar parser (the same?) can setup an
  internal structure which a "Policy checker" can use to verify the
  results generated during parsing/verification of the security
  headers.

Both new modules could be "plugged-in" similar to the 
"action/processor" structure now in use in WSS4J.

Is there some code that could be used to start e.g. a parser for
the relevant WS-Policy* specs?

Any more ideas? Volunteers :-) ?

Regards,
Werner



---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: Checking security actions (was: Header element ordering iterop problem with .NET?)

Posted by Ruchith Fernando <ru...@gmail.com>.

This is the implementation of the WS-Policy spec.
See: http://marc.theaimsgroup.com/?l=axis-dev&m=113255298531637&w=2

IMHO we will have to implment WS-SecurityPolicy
http://specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf

Thanks,
Ruchith

On 11/23/05, Jongjin Choi <jo...@gmail.com> wrote:
> There seems to be some work about WS-Policy in webservices commons.
> http://svn.apache.org/viewcvs.cgi/webservices/commons/trunk/policy/?rev=348394
>
>  Is this relevant to what you have in mind?
>
>  /Jongjin Choi
>
>
> On 11/23/05, Dittmann, Werner <we...@siemens.com> wrote:
> > All,
> >
> > during the discussion with Allen IMHO we should have a closer
> > look into the WS-Policy* stuff (again). WSS4J as it stands now
> > (not looking at the sandbox code) provides methods to create
> > Sceurity headers in a request and to parse/validate them.
> >
> > The check at the receiver if the request contains all required
> > security actions is rudimentary only.
> >
> > To enhance the action checking and also the way how the sender
> > controls the setup the request we shall consider to use WS-Policy*
> > specs.
> >
> > Some ideas:
> > - At the sender side we could have a parser that sets up internal
> >   structures that drive/control how the WSS4J handlers create the
> >   security functions (some time ago this topic was shortly discussed
> >   on this list, I'll have a look in the archives). To avoid to much
> >   parsing we need to have some sort of "global, per service" location
> >   to store this internal structure (somewhere in the Axis data
> >   structures?)
> >
> > - At the receiver side a similar parser (the same?) can setup an
> >   internal structure which a "Policy checker" can use to verify the
> >   results generated during parsing/verification of the security
> >   headers.
> >
> > Both new modules could be "plugged-in" similar to the
> > "action/processor" structure now in use in WSS4J.
> >
> > Is there some code that could be used to start e.g. a parser for
> > the relevant WS-Policy* specs?
> >
> > Any more ideas? Volunteers :-) ?
> >
> > Regards,
> > Werner
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> wss4j-dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> >
> >
>
>


--
Ruchith

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: Checking security actions (was: Header element ordering iterop problem with .NET?)

Posted by Ruchith Fernando <ru...@gmail.com>.

This is the implementation of the WS-Policy spec.
See: http://marc.theaimsgroup.com/?l=axis-dev&m=113255298531637&w=2

IMHO we will have to implment WS-SecurityPolicy
http://specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf

Thanks,
Ruchith

On 11/23/05, Jongjin Choi <jo...@gmail.com> wrote:
> There seems to be some work about WS-Policy in webservices commons.
> http://svn.apache.org/viewcvs.cgi/webservices/commons/trunk/policy/?rev=348394
>
>  Is this relevant to what you have in mind?
>
>  /Jongjin Choi
>
>
> On 11/23/05, Dittmann, Werner <we...@siemens.com> wrote:
> > All,
> >
> > during the discussion with Allen IMHO we should have a closer
> > look into the WS-Policy* stuff (again). WSS4J as it stands now
> > (not looking at the sandbox code) provides methods to create
> > Sceurity headers in a request and to parse/validate them.
> >
> > The check at the receiver if the request contains all required
> > security actions is rudimentary only.
> >
> > To enhance the action checking and also the way how the sender
> > controls the setup the request we shall consider to use WS-Policy*
> > specs.
> >
> > Some ideas:
> > - At the sender side we could have a parser that sets up internal
> >   structures that drive/control how the WSS4J handlers create the
> >   security functions (some time ago this topic was shortly discussed
> >   on this list, I'll have a look in the archives). To avoid to much
> >   parsing we need to have some sort of "global, per service" location
> >   to store this internal structure (somewhere in the Axis data
> >   structures?)
> >
> > - At the receiver side a similar parser (the same?) can setup an
> >   internal structure which a "Policy checker" can use to verify the
> >   results generated during parsing/verification of the security
> >   headers.
> >
> > Both new modules could be "plugged-in" similar to the
> > "action/processor" structure now in use in WSS4J.
> >
> > Is there some code that could be used to start e.g. a parser for
> > the relevant WS-Policy* specs?
> >
> > Any more ideas? Volunteers :-) ?
> >
> > Regards,
> > Werner
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> wss4j-dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> >
> >
>
>


--
Ruchith

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: Checking security actions (was: Header element ordering iterop problem with .NET?)

Posted by Jongjin Choi <jo...@gmail.com>.

There seems to be some work about WS-Policy in webservices commons.
http://svn.apache.org/viewcvs.cgi/webservices/commons/trunk/policy/?rev=348394

Is this relevant to what you have in mind?

/Jongjin Choi

On 11/23/05, Dittmann, Werner <we...@siemens.com> wrote:
>
> All,
>
> during the discussion with Allen IMHO we should have a closer
> look into the WS-Policy* stuff (again). WSS4J as it stands now
> (not looking at the sandbox code) provides methods to create
> Sceurity headers in a request and to parse/validate them.
>
> The check at the receiver if the request contains all required
> security actions is rudimentary only.
>
> To enhance the action checking and also the way how the sender
> controls the setup the request we shall consider to use WS-Policy*
> specs.
>
> Some ideas:
> - At the sender side we could have a parser that sets up internal
>   structures that drive/control how the WSS4J handlers create the
>   security functions (some time ago this topic was shortly discussed
>   on this list, I'll have a look in the archives). To avoid to much
>   parsing we need to have some sort of "global, per service" location
>   to store this internal structure (somewhere in the Axis data
>   structures?)
>
> - At the receiver side a similar parser (the same?) can setup an
>   internal structure which a "Policy checker" can use to verify the
>   results generated during parsing/verification of the security
>   headers.
>
> Both new modules could be "plugged-in" similar to the
> "action/processor" structure now in use in WSS4J.
>
> Is there some code that could be used to start e.g. a parser for
> the relevant WS-Policy* specs?
>
> Any more ideas? Volunteers :-) ?
>
> Regards,
> Werner
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>

Re: Checking security actions (was: Header element ordering iterop problem with .NET?)

Posted by Jongjin Choi <jo...@gmail.com>.

There seems to be some work about WS-Policy in webservices commons.
http://svn.apache.org/viewcvs.cgi/webservices/commons/trunk/policy/?rev=348394

Is this relevant to what you have in mind?

/Jongjin Choi

On 11/23/05, Dittmann, Werner <we...@siemens.com> wrote:
>
> All,
>
> during the discussion with Allen IMHO we should have a closer
> look into the WS-Policy* stuff (again). WSS4J as it stands now
> (not looking at the sandbox code) provides methods to create
> Sceurity headers in a request and to parse/validate them.
>
> The check at the receiver if the request contains all required
> security actions is rudimentary only.
>
> To enhance the action checking and also the way how the sender
> controls the setup the request we shall consider to use WS-Policy*
> specs.
>
> Some ideas:
> - At the sender side we could have a parser that sets up internal
>   structures that drive/control how the WSS4J handlers create the
>   security functions (some time ago this topic was shortly discussed
>   on this list, I'll have a look in the archives). To avoid to much
>   parsing we need to have some sort of "global, per service" location
>   to store this internal structure (somewhere in the Axis data
>   structures?)
>
> - At the receiver side a similar parser (the same?) can setup an
>   internal structure which a "Policy checker" can use to verify the
>   results generated during parsing/verification of the security
>   headers.
>
> Both new modules could be "plugged-in" similar to the
> "action/processor" structure now in use in WSS4J.
>
> Is there some code that could be used to start e.g. a parser for
> the relevant WS-Policy* specs?
>
> Any more ideas? Volunteers :-) ?
>
> Regards,
> Werner
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>