RE: Web Services Security

[pa...@j2ee-security.net]

> Sanjesh Wrote:
> 
> You have done a great job. The source code is awesome. I just glanced
> through the JSTK and the user guide. It looks impressive.
> 
> I downloaded chapter 11 and read through it. You have explained the
> security stuff very nicely. 

Thanks sanjesh. Praise in a public forum is always welcome.

May I quote you at www.j2ee-security.net ?

> One thing I noticed missing is that I didn't
> see anything about WS-Security UsernameToken.

You are right. As you can see, the coverage of WS-Security specification is not 
comprehensive. My main objective was to illustrate use of JAX-RPC handlers for 
processing related to security and XML-Sig and XML-Enc are more appropriate for 
securing WebService messages.

Regards,
Pankaj Kumar
(www.j2ee-security.net)

> 
> Sanjesh
> 
> -----Original Message-----
> From: Pankaj Kumar [mailto:pankaj4oss@j2ee-security.net] 
> Sent: Wednesday, September 24, 2003 8:34 AM
> To: axis-dev@ws.apache.org; hemapani@vijayaba.cse.mrt.ac.lk
> Subject: Re: Web Services Security
> 
> Hi,
> 
> At the risk of sounding self-promotional, I will refer you to the site
> http://www.j2ee-security.net . This site is devoted to my latest (and
> only)
> book titled "J2EE Security for Servlets, EJBs and Web Services" and has
> the
> chapter "Web Services Security" as the free sample download. You can get
> to
> the download page directly by clicking on
> http://www.j2ee-security.net/book/sample-chap/. However, there are other
> goodies on the site, including, but not limited to, the complete source
> code
> of all the examples and utilities covered in the book.
> 
> One of the examples uses Axis, JAX-RPC and VeriSign TSIK to implement
> WS-Security based security mechanism.
> 
> Pankaj Kumar,
> www.pankaj-k.net
> www.j2ee-security.net
> 
> ----- Original Message ----- 
> From: "Srinath Perera" <he...@vijayaba.cse.mrt.ac.lk>
> To: <ax...@ws.apache.org>
> Sent: Wednesday, September 24, 2003 7:07 PM
> Subject: Re: Web Services Security
> 
> 
> > this has bit of theoritical aspects, check how much is supported
> >  http://www-106.ibm.com/developerworks/webservices/library/ws-secure/
> >
> > Srinath
> >
> >
> > On Thu, 2003-09-25 at 02:57, Jose Antonio Chirinos wrote:
> > > Hi, i'm newbie with web services; i'm developing with Axis libraries
> > > and Borland JBuilder 8, i successfully generate several web services
> > > but i am worried about security features, if anybody know where i
> can
> > > find some information about it. please help me. I'm deploying the
> web
> > > services in Apache/Tomcat.
> > >
> > > Thanks in Advanced.
> > > Jose Antonio Chirinos.
> > >
> > >
> > >
> ______________________________________________________________________
> > > Do you Yahoo!?
> > > Yahoo! SiteBuilder - Free, easy-to-use web site design software
> >
> 
> 

RE:  Web Services Security

[Sanjesh Pathak <sa...@soapknox.com>]

Pankaj,

>May I quote you at www.j2ee-security.net ?

Please go ahead.

Sanjesh

-----Original Message-----
From: pankaj4oss@j2ee-security.net [mailto:pankaj4oss@j2ee-security.net]

Sent: Tuesday, September 30, 2003 4:54 PM
To: axis-dev@ws.apache.org
Subject: RE: Web Services Security


> Sanjesh Wrote:
> 
> You have done a great job. The source code is awesome. I just glanced
> through the JSTK and the user guide. It looks impressive.
> 
> I downloaded chapter 11 and read through it. You have explained the
> security stuff very nicely. 

Thanks sanjesh. Praise in a public forum is always welcome.

May I quote you at www.j2ee-security.net ?

> One thing I noticed missing is that I didn't
> see anything about WS-Security UsernameToken.

You are right. As you can see, the coverage of WS-Security specification
is not 
comprehensive. My main objective was to illustrate use of JAX-RPC
handlers for 
processing related to security and XML-Sig and XML-Enc are more
appropriate for 
securing WebService messages.

Regards,
Pankaj Kumar
(www.j2ee-security.net)

> 
> Sanjesh
> 
> -----Original Message-----
> From: Pankaj Kumar [mailto:pankaj4oss@j2ee-security.net] 
> Sent: Wednesday, September 24, 2003 8:34 AM
> To: axis-dev@ws.apache.org; hemapani@vijayaba.cse.mrt.ac.lk
> Subject: Re: Web Services Security
> 
> Hi,
> 
> At the risk of sounding self-promotional, I will refer you to the site
> http://www.j2ee-security.net . This site is devoted to my latest (and
> only)
> book titled "J2EE Security for Servlets, EJBs and Web Services" and
has
> the
> chapter "Web Services Security" as the free sample download. You can
get
> to
> the download page directly by clicking on
> http://www.j2ee-security.net/book/sample-chap/. However, there are
other
> goodies on the site, including, but not limited to, the complete
source
> code
> of all the examples and utilities covered in the book.
> 
> One of the examples uses Axis, JAX-RPC and VeriSign TSIK to implement
> WS-Security based security mechanism.
> 
> Pankaj Kumar,
> www.pankaj-k.net
> www.j2ee-security.net
> 
> ----- Original Message ----- 
> From: "Srinath Perera" <he...@vijayaba.cse.mrt.ac.lk>
> To: <ax...@ws.apache.org>
> Sent: Wednesday, September 24, 2003 7:07 PM
> Subject: Re: Web Services Security
> 
> 
> > this has bit of theoritical aspects, check how much is supported
> >
http://www-106.ibm.com/developerworks/webservices/library/ws-secure/
> >
> > Srinath
> >
> >
> > On Thu, 2003-09-25 at 02:57, Jose Antonio Chirinos wrote:
> > > Hi, i'm newbie with web services; i'm developing with Axis
libraries
> > > and Borland JBuilder 8, i successfully generate several web
services
> > > but i am worried about security features, if anybody know where i
> can
> > > find some information about it. please help me. I'm deploying the
> web
> > > services in Apache/Tomcat.
> > >
> > > Thanks in Advanced.
> > > Jose Antonio Chirinos.
> > >
> > >
> > >
> ______________________________________________________________________
> > > Do you Yahoo!?
> > > Yahoo! SiteBuilder - Free, easy-to-use web site design software
> >
> 
>