Posted to rampart-dev@ws.apache.org by "Wynn, Jackson E." <jw...@mitre.org> on 2007/01/30 14:36:36 UTC

RE: rahas v1.1 capabilities..

Thanks Ruchith..

One aspect of the prototype that I'm developing is demonstration of
agile policy enforcement, i.e., coordinated adjustment of security
policies when conditions warrant. 

Looking at the sample software provided with rampart, specifically
sample11, it appears that OutflowConfiguration and InflowConfiguration
support runtime policy changes. These classes are deprecated in the
rampart v1.1.1 release - is there an alternative set of classes that I
can use to provide this?

Thanks again,
Jackson Wynn

-----Original Message-----
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com] 
Sent: Monday, January 29, 2007 8:39 PM
To: axis-dev@ws.apache.org
Subject: Re: rahas v1.1 capabilities..

You can post rampart/rahas related questions to
rampart-dev@ws.apache.org list :-)

Thanks,
Ruchith

On 1/30/07, Ruchith Fernando <ru...@gmail.com> wrote:
> Hi,
>
>
> On 1/30/07, Wynn, Jackson E. <jw...@mitre.org> wrote:
> >
> >
> > Apologies to all if this is posted to the wrong group...
> >
> > I am developing a prototype using Axis 2 and would like to learn more about
> > what WS-Trust capabilities rahas v1.1 supports. After reviewing the rampart
> > 1.1 code base, it appears that the STS implemented with rahas v1.1 supports
> > issuance and cancellation of SAML v1.1 and SCT tokens only. STS token
> > renewal and challenge/response are not supported.
> >
> > Is this a correct assessment?  Is <SignChallenge> or Key Exchange Tokens
> > supported?
>
> Yes the statement is correct! We do not support challenge/response
> protocol and we don't have any renewers by default with rahas *yet*.
>
> >
> > When I enable rahas for a web service, the ?wsdl for that service does not
> > include STS request functions - is there a wsdl specification for the STS
> > service that a web client application would use to request security tokens?
>
> This is another issue that we will have to improve. Please raise a
> JIRA issue [1] on this.
>
> However this [2] is the wsdl for the STS defined by the WS-Trust spec.
> Thanks,
> Ruchith
>
> [1] https://issues.apache.org/jira/browse/RAMPART
> [2] http://schemas.xmlsoap.org/ws/2005/02/trust/WS-Trust.wsdl
>
> >
> > Thanks,
> >
> > Jackson Wynn
> >
> > Lead INFOSEC Engineer
> > The MITRE Corporation
> > Bedford, MA
> >
> > (781) 271-3419
>
>
> --
> www.ruchith.org
> www.wso2.org
>


-- 
www.ruchith.org
www.wso2.org



Re: rahas v1.1 capabilities..

Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,

You can access the policy assertions as org.apache.neethi.* instances
and change the values in the runtime.

Thanks,
Ruchith



-- 
www.ruchith.org
www.wso2.org

Re: rahas v1.1 capabilities..

Posted by Davanum Srinivas <da...@gmail.com>.
Jackson,

Please go ahead and use them. We will not be removing them anytime soon...

thanks,
dims



-- 
Davanum Srinivas :: http://wso2.org/ :: Oxygen for Web Services Developers