Posted to fx-dev@ws.apache.org by we...@apache.org on 2004/02/29 16:28:47 UTC

cvs commit: ws-fx/wss4j project.xml

werner      2004/02/29 07:28:47

  Modified:    wss4j    project.xml
  Log:
  Update list of developers :-)
  
  Revision  Changes    Path
  1.2       +6 -0      ws-fx/wss4j/project.xml
  
  Index: project.xml
  ===================================================================
  RCS file: /home/cvs/ws-fx/wss4j/project.xml,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- project.xml	13 Feb 2004 20:43:04 -0000	1.1
  +++ project.xml	29 Feb 2004 15:28:46 -0000	1.2
  @@ -69,6 +69,12 @@
               <email>dims@yahoo.com</email>
               <organization></organization>
           </developer>
  +        <developer>
  +            <name>Werner Dittmann</name>
  +            <id>werner</id>
  +            <email>werner@apache.org</email>
  +            <organization></organization>
  +        </developer>
     </developers>
   
       <licenses>
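Review bot: the added developer entry leaves <organization></organization> empty, as the dims entry in the context lines above it also does. Either fill in the affiliation or drop the empty element from both entries so the file carries no blank placeholders. The log message "Update list of developers" would also be easier to audit later if it named the developer being added.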
  
  
  

RE: cvs commit: ws-fx/wss4j project.xml

Posted by Davanum Srinivas <di...@yahoo.com>.
Jon,

Patches would be AWESOME :)

thanks,
dims

--- Anderson Jonathan <an...@bah.com> wrote:
> Something we're finding a bit bothersome is the assumed deploy-time
> configuration of the "Do-All" handlers, via the Axis server-config and
> client-config files.  I'd like to see everything that can be configured in
> these handlers at deploy time be programmatically controllable in the core
> WSS4J API, such as actions to perform, JKS keystore file location &
> password, JKS keyentry alias & password, etc.  The requirements we have that
> led us to think that way are:
> 
> 1) Our deployment environments require that no keystore or key entry
> passwords be left in plaintext on the server's filesystem.  All of our
> property files must therefore be encrypted.
> 2) We have a set of header elements that MUST be present in the message and
> MUST be covered by the default actor WSS Security header's signature, or
> else the message should be rejected.  This requires programmatic access to
> the XML-Security XMLSignature object in order to verify the ds:Reference
> "coverage."
> 3) We have extensive message authentication and authorization logic that
> is already in place that in certain cases requires UsernameTokens to be present
> in the Security header.  We don't want WSS4J performing any logic on the
> UsernameToken, we just want its signature verified.
> 4) We're doing Cert Path verification, so we need programmatic access to an
> X.509 cert included in the message.
> 5) We're checking CRLs, same problem as #4.
> 
> All of this led us to build our own Axis handlers from scratch, using the
> "Do-All" handlers as a reference.  We're therefore using WSSecurityEngine
> API and the Crypto SPI directly, and I have a few suggestions that I'm
> working on formally "patching" and submitting to you guys.  Hope it helps.
> :)
> 
> 	-Jon
> 
> 
> -----Original Message-----
> From: Werner Dittmann [mailto:Werner.Dittmann@t-online.de]
> Sent: Sunday, February 29, 2004 1:49 PM
> To: dims@yahoo.com; fx-dev@ws.apache.org
> Subject: Re: cvs commit: ws-fx/wss4j project.xml
> 
> 
> No Problem :-).
> 
> After adding the SKI stuff and the STRTransform IMHO we
> have reached a good coverage of the OASIS WSS Specs. Now
> we can try to find some other implementations for interop tests -
> as Dims stated in an earlier mail there may be some activity in the
> near future.
> 
> However, what is needed to bring it to a more product-like
> status (not a complete list, but as a reminder for a future ToDo
> list):
> - code cleanup, in particular the Exceptions, e.g. we used
>   quite a lot of general "Exception" instead of more specific
>   Exceptions. Thus need to bring in more WSSecurityException,
>   catching/remapping the general exception. A special case is
>   the STRTransform itself as it is a subclass of C14N.
> - check if testcases really test all functions, build in "Error cases"
>    to check error handling
> - upgrade documentation - need a native English person to review
>   existing docs, enhance them and give advice for new docs
> - make an easy to install, downloadable distribution
> - enhance examples, even if the interop scenarios already give
>   some idea how to use the whole package
> - and a lot of others :-)
> 
> Regards,
> Werner
> 
> 
> 
> ----- Original Message -----
> From: "Davanum Srinivas" <di...@yahoo.com>
> To: <fx...@ws.apache.org>
> Sent: Sunday, February 29, 2004 6:41 PM
> Subject: Re: cvs commit: ws-fx/wss4j project.xml
> 
> 
> > :) Sorry. My fault :)
> >
> > --- werner@apache.org wrote:
> > > werner      2004/02/29 07:28:47
> > >
> > >   Modified:    wss4j    project.xml
> > >   Log:
> > >   Update list of developers :-)
> > >
> > >   Revision  Changes    Path
> > >   1.2       +6 -0      ws-fx/wss4j/project.xml
> > >
> > >   Index: project.xml
> > >   ===================================================================
> > >   RCS file: /home/cvs/ws-fx/wss4j/project.xml,v
> > >   retrieving revision 1.1
> > >   retrieving revision 1.2
> > >   diff -u -r1.1 -r1.2
> > >   --- project.xml 13 Feb 2004 20:43:04 -0000 1.1
> > >   +++ project.xml 29 Feb 2004 15:28:46 -0000 1.2
> > >   @@ -69,6 +69,12 @@
> > >                <email>dims@yahoo.com</email>
> > >                <organization></organization>
> > >            </developer>
> > >   +        <developer>
> > >   +            <name>Werner Dittmann</name>
> > >   +            <id>werner</id>
> > >   +            <email>werner@apache.org</email>
> > >   +            <organization></organization>
> > >   +        </developer>
> > >      </developers>
> > >
> > >        <licenses>
> > >
> > >
> > >
> >
> >
> > =====
> > Davanum Srinivas - http://webservices.apache.org/~dims/
> 
> 
> 


=====
Davanum Srinivas - http://webservices.apache.org/~dims/

RE: cvs commit: ws-fx/wss4j project.xml

Posted by Anderson Jonathan <an...@bah.com>.
Something we're finding a bit bothersome is the assumed deploy-time
configuration of the "Do-All" handlers, via the Axis server-config and
client-config files.  I'd like to see everything that can be configured in
these handlers at deploy time be programmatically controllable in the core
WSS4J API, such as actions to perform, JKS keystore file location &
password, JKS keyentry alias & password, etc.  The requirements we have that
led us to think that way are:

1) Our deployment environments require that no keystore or key entry
passwords be left in plaintext on the server's filesystem.  All of our
property files must therefore be encrypted.
2) We have a set of header elements that MUST be present in the message and
MUST be covered by the default actor WSS Security header's signature, or
else the message should be rejected.  This requires programmatic access to
the XML-Security XMLSignature object in order to verify the ds:Reference
"coverage."
3) We have extensive message authentication and authorization logic that
is already in place that in certain cases requires UsernameTokens to be present
in the Security header.  We don't want WSS4J performing any logic on the
UsernameToken, we just want its signature verified.
4) We're doing Cert Path verification, so we need programmatic access to an
X.509 cert included in the message.
5) We're checking CRLs, same problem as #4.

All of this led us to build our own Axis handlers from scratch, using the
"Do-All" handlers as a reference.  We're therefore using WSSecurityEngine
API and the Crypto SPI directly, and I have a few suggestions that I'm
working on formally "patching" and submitting to you guys.  Hope it helps.
:)

	-Jon


-----Original Message-----
From: Werner Dittmann [mailto:Werner.Dittmann@t-online.de]
Sent: Sunday, February 29, 2004 1:49 PM
To: dims@yahoo.com; fx-dev@ws.apache.org
Subject: Re: cvs commit: ws-fx/wss4j project.xml


No Problem :-).

After adding the SKI stuff and the STRTransform IMHO we
have reached a good coverage of the OASIS WSS Specs. Now
we can try to find some other implementations for interop tests -
as Dims stated in an earlier mail there may be some activity in the
near future.

However, what is needed to bring it to a more product-like
status (not a complete list, but as a reminder for a future ToDo
list):
- code cleanup, in particular the Exceptions, e.g. we used
  quite a lot of general "Exception" instead of more specific
  Exceptions. Thus need to bring in more WSSecurityException,
  catching/remapping the general exception. A special case is
  the STRTransform itself as it is a subclass of C14N.
- check if testcases really test all functions, build in "Error cases"
   to check error handling
- upgrade documentation - need a native English person to review
  existing docs, enhance them and give advice for new docs
- make an easy to install, downloadable distribution
- enhance examples, even if the interop scenarios already give
  some idea how to use the whole package
- and a lot of others :-)

Regards,
Werner



----- Original Message -----
From: "Davanum Srinivas" <di...@yahoo.com>
To: <fx...@ws.apache.org>
Sent: Sunday, February 29, 2004 6:41 PM
Subject: Re: cvs commit: ws-fx/wss4j project.xml


> :) Sorry. My fault :)
>
> --- werner@apache.org wrote:
> > werner      2004/02/29 07:28:47
> >
> >   Modified:    wss4j    project.xml
> >   Log:
> >   Update list of developers :-)
> >
> >   Revision  Changes    Path
> >   1.2       +6 -0      ws-fx/wss4j/project.xml
> >
> >   Index: project.xml
> >   ===================================================================
> >   RCS file: /home/cvs/ws-fx/wss4j/project.xml,v
> >   retrieving revision 1.1
> >   retrieving revision 1.2
> >   diff -u -r1.1 -r1.2
> >   --- project.xml 13 Feb 2004 20:43:04 -0000 1.1
> >   +++ project.xml 29 Feb 2004 15:28:46 -0000 1.2
> >   @@ -69,6 +69,12 @@
> >                <email>dims@yahoo.com</email>
> >                <organization></organization>
> >            </developer>
> >   +        <developer>
> >   +            <name>Werner Dittmann</name>
> >   +            <id>werner</id>
> >   +            <email>werner@apache.org</email>
> >   +            <organization></organization>
> >   +        </developer>
> >      </developers>
> >
> >        <licenses>
> >
> >
> >
>
>
> =====
> Davanum Srinivas - http://webservices.apache.org/~dims/
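
Requirement 2 in the message above (required header elements MUST be covered by the default actor Security header's signature) is a structural check over the ds:Reference elements, to be run only after the signature itself has been cryptographically verified. The following is an added example, not code from WSS4J or from the poster: it works on the message XML with Python's standard library rather than through the WSS4J API. The `app` namespace, the header names, the sample envelope and the `uncovered_headers` function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
WSSE, WSU_ID = WSS + "secext-1.0.xsd", "{" + WSS + "utility-1.0.xsd}Id"
# Constructed sample: app:MessageID is referenced by the signature, app:Routing is not.
SAMPLE = f"""<s:Envelope xmlns:s="{SOAP}" xmlns:ds="{DS}" xmlns:wsse="{WSSE}"
    xmlns:wsu="{WSS}utility-1.0.xsd" xmlns:app="urn:example:app">
  <s:Header>
    <app:MessageID wsu:Id="id-1">m-42</app:MessageID>
    <app:Routing wsu:Id="id-2">north</app:Routing>
    <wsse:Security><ds:Signature><ds:SignedInfo>
      <ds:Reference URI="#id-1"/>
    </ds:SignedInfo></ds:Signature></wsse:Security>
  </s:Header>
  <s:Body/>
</s:Envelope>"""
REQUIRED = {"{urn:example:app}MessageID", "{urn:example:app}Routing"}  # hypothetical policy


def uncovered_headers(envelope_xml, required):
    """Required header names ("{ns}local") that are absent, duplicated, or not
    referenced by the default-actor Security header's ds:SignedInfo."""
    if "<!DOCTYPE" in envelope_xml:
        raise ValueError("DTDs are not allowed in SOAP messages")
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP}}}Header")
    all_ids = [e.get(WSU_ID) for e in root.iter() if e.get(WSU_ID)]
    signed_ids, ids_by_name = set(), {}
    for child in (header if header is not None else []):
        if child.tag != f"{{{WSSE}}}Security":
            ids_by_name.setdefault(child.tag, []).append(child.get(WSU_ID))
        elif not child.get(f"{{{SOAP}}}actor"):  # default actor only
            for ref in child.iterfind(f".//{{{DS}}}SignedInfo/{{{DS}}}Reference"):
                uri = ref.get("URI", "")
                if uri.startswith("#") and len(uri) > 1:
                    signed_ids.add(uri[1:])
    bad = []
    for name in sorted(required):
        ids = ids_by_name.get(name, [])
        # Exactly one header child per name, with a unique, referenced wsu:Id.
        if len(ids) != 1 or ids[0] not in signed_ids or all_ids.count(ids[0]) != 1:
            bad.append(name)
    return bad


if __name__ == "__main__":
    print(uncovered_headers(SAMPLE, REQUIRED))  # a non-empty list means: reject
```

A handler would reject the message whenever the returned list is non-empty.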




Re: cvs commit: ws-fx/wss4j project.xml

Posted by Werner Dittmann <We...@t-online.de>.
No Problem :-).

After adding the SKI stuff and the STRTransform IMHO we
have reached a good coverage of the OASIS WSS Specs. Now
we can try to find some other implementations for interop tests -
as Dims stated in an earlier mail there may be some activity in the 
near future.

However, what is needed to bring it to a more product-like
status (not a complete list, but as a reminder for a future ToDo
list):
- code cleanup, in particular the Exceptions, e.g. we used
  quite a lot of general "Exception" instead of more specific
  Exceptions. Thus need to bring in more WSSecurityException,
  catching/remapping the general exception. A special case is
  the STRTransform itself as it is a subclass of C14N.
- check if testcases really test all functions, build in "Error cases"
   to check error handling
- upgrade documentation - need a native English person to review
  existing docs, enhance them and give advice for new docs
- make an easy to install, downloadable distribution
- enhance examples, even if the interop scenarios already give
  some idea how to use the whole package
- and a lot of others :-)

Regards,
Werner



----- Original Message ----- 
From: "Davanum Srinivas" <di...@yahoo.com>
To: <fx...@ws.apache.org>
Sent: Sunday, February 29, 2004 6:41 PM
Subject: Re: cvs commit: ws-fx/wss4j project.xml


> :) Sorry. My fault :)
> 
> --- werner@apache.org wrote:
> > werner      2004/02/29 07:28:47
> > 
> >   Modified:    wss4j    project.xml
> >   Log:
> >   Update list of developers :-)
> >   
> >   Revision  Changes    Path
> >   1.2       +6 -0      ws-fx/wss4j/project.xml
> >   
> >   Index: project.xml
> >   ===================================================================
> >   RCS file: /home/cvs/ws-fx/wss4j/project.xml,v
> >   retrieving revision 1.1
> >   retrieving revision 1.2
> >   diff -u -r1.1 -r1.2
> >   --- project.xml 13 Feb 2004 20:43:04 -0000 1.1
> >   +++ project.xml 29 Feb 2004 15:28:46 -0000 1.2
> >   @@ -69,6 +69,12 @@
> >                <email>dims@yahoo.com</email>
> >                <organization></organization>
> >            </developer>
> >   +        <developer>
> >   +            <name>Werner Dittmann</name>
> >   +            <id>werner</id>
> >   +            <email>werner@apache.org</email>
> >   +            <organization></organization>
> >   +        </developer>
> >      </developers>
> >    
> >        <licenses>
> >   
> >   
> >   
> 
> 
> =====
> Davanum Srinivas - http://webservices.apache.org/~dims/


Re: cvs commit: ws-fx/wss4j project.xml

Posted by Davanum Srinivas <di...@yahoo.com>.
:) Sorry. My fault :)

--- werner@apache.org wrote:
> werner      2004/02/29 07:28:47
> 
>   Modified:    wss4j    project.xml
>   Log:
>   Update list of developers :-)
>   
>   Revision  Changes    Path
>   1.2       +6 -0      ws-fx/wss4j/project.xml
>   
>   Index: project.xml
>   ===================================================================
>   RCS file: /home/cvs/ws-fx/wss4j/project.xml,v
>   retrieving revision 1.1
>   retrieving revision 1.2
>   diff -u -r1.1 -r1.2
>   --- project.xml	13 Feb 2004 20:43:04 -0000	1.1
>   +++ project.xml	29 Feb 2004 15:28:46 -0000	1.2
>   @@ -69,6 +69,12 @@
>                <email>dims@yahoo.com</email>
>                <organization></organization>
>            </developer>
>   +        <developer>
>   +            <name>Werner Dittmann</name>
>   +            <id>werner</id>
>   +            <email>werner@apache.org</email>
>   +            <organization></organization>
>   +        </developer>
>      </developers>
>    
>        <licenses>
>   
>   
>   


=====
Davanum Srinivas - http://webservices.apache.org/~dims/