You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Ruchith Fernando <ru...@gmail.com> on 2005/11/04 07:51:02 UTC
SignatureConfirmation with handler chaining
Hi Werner,
If possible, can you please give me some points as to what we need to
do to get sig-confirmation working with handler chaining in Axis 1.x.
I'm trying to do the same with Axis2 security module.
> Sep 6, 2005: Extending WSS4J to the new OASIS specs - first impl of SignatureConfirmation :
>
> If anybody is going to test this _and_ uses the handler chaining
> feature of WSS4J pls ask for additional info. In this case one
> specific modification in the WSDD files may be required.
Thanks,
Ruchith
On 9/6/05, Werner Dittmann <We...@t-online.de> wrote:
> All,
>
> with the next checkin a first step of the SIgnatureConfirmation
> feature of WSS 1.1 is done.
>
> Because of some open issues with the spec this first implementation
> assumes:
>
> - generate SignatureConfirmation for every Signature of every
> wsse:Security header of the request - there my be several
> wsse:Security headers in one request (with different actor/role)
>
> - place all SignatureConfirmation elements together in one
> wsse:Security header of the response. This because it is not
> necessary that the wsse:Security headers have a one-to-one
> relationship with the request headers.
>
> - do not sign SignatureConfirmation yet - here are IMHO some open issues
> in the spec
>
> - do not encrypt even if the Signature block of the request was
> encrypted. I doubt if such an encryption makes sense.
>
> To enable and test this feature you need to download the source
> from SVN (trunk head), set the variable "enableSignatureConfirmation"
> to "true" (for the time being it set to "false" by default).
>
> If anybody is going to test this _and_ uses the handler chaining
> feature of WSS4J pls ask for additional info. In this case one
> specific modification in the WSDD files may be required.
>
> Regards,
> Werner
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
--
Ruchith
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: SignatureConfirmation with handler chaining
Posted by Werner Dittmann <We...@t-online.de>.
Ruchith,
need to look at what was wrong when doing chaining. I'll check
my internal testcases and give you some info tomorrow.
Regards,
Werner
Ruchith Fernando wrote:
> Hi Werner,
>
> If possible, can you please give me some points as to what we need to
> do to get sig-confirmation working with handler chaining in Axis 1.x.
>
> I'm trying to do the same with Axis2 security module.
>
>
>>Sep 6, 2005: Extending WSS4J to the new OASIS specs - first impl of SignatureConfirmation :
>>
>>If anybody is going to test this _and_ uses the handler chaining
>>feature of WSS4J pls ask for additional info. In this case one
>>specific modification in the WSDD files may be required.
>
>
>
> Thanks,
> Ruchith
>
> On 9/6/05, Werner Dittmann <We...@t-online.de> wrote:
>
>>All,
>>
>>with the next checkin a first step of the SIgnatureConfirmation
>>feature of WSS 1.1 is done.
>>
>>Because of some open issues with the spec this first implementation
>>assumes:
>>
>>- generate SignatureConfirmation for every Signature of every
>> wsse:Security header of the request - there my be several
>> wsse:Security headers in one request (with different actor/role)
>>
>>- place all SignatureConfirmation elements together in one
>> wsse:Security header of the response. This because it is not
>> necessary that the wsse:Security headers have a one-to-one
>> relationship with the request headers.
>>
>>- do not sign SignatureConfirmation yet - here are IMHO some open issues
>> in the spec
>>
>>- do not encrypt even if the Signature block of the request was
>> encrypted. I doubt if such an encryption makes sense.
>>
>>To enable and test this feature you need to download the source
>>from SVN (trunk head), set the variable "enableSignatureConfirmation"
>>to "true" (for the time being it set to "false" by default).
>>
>>If anybody is going to test this _and_ uses the handler chaining
>>feature of WSS4J pls ask for additional info. In this case one
>>specific modification in the WSDD files may be required.
>>
>>Regards,
>>Werner
>>
>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>
>
>
> --
> Ruchith
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: SignatureConfirmation with handler chaining
Posted by Werner Dittmann <We...@t-online.de>.
Ruchith,
need to look at what was wrong when doing chaining. I'll check
my internal testcases and give you some info tomorrow.
Regards,
Werner
Ruchith Fernando wrote:
> Hi Werner,
>
> If possible, can you please give me some points as to what we need to
> do to get sig-confirmation working with handler chaining in Axis 1.x.
>
> I'm trying to do the same with Axis2 security module.
>
>
>>Sep 6, 2005: Extending WSS4J to the new OASIS specs - first impl of SignatureConfirmation :
>>
>>If anybody is going to test this _and_ uses the handler chaining
>>feature of WSS4J pls ask for additional info. In this case one
>>specific modification in the WSDD files may be required.
>
>
>
> Thanks,
> Ruchith
>
> On 9/6/05, Werner Dittmann <We...@t-online.de> wrote:
>
>>All,
>>
>>with the next checkin a first step of the SIgnatureConfirmation
>>feature of WSS 1.1 is done.
>>
>>Because of some open issues with the spec this first implementation
>>assumes:
>>
>>- generate SignatureConfirmation for every Signature of every
>> wsse:Security header of the request - there my be several
>> wsse:Security headers in one request (with different actor/role)
>>
>>- place all SignatureConfirmation elements together in one
>> wsse:Security header of the response. This because it is not
>> necessary that the wsse:Security headers have a one-to-one
>> relationship with the request headers.
>>
>>- do not sign SignatureConfirmation yet - here are IMHO some open issues
>> in the spec
>>
>>- do not encrypt even if the Signature block of the request was
>> encrypted. I doubt if such an encryption makes sense.
>>
>>To enable and test this feature you need to download the source
>>from SVN (trunk head), set the variable "enableSignatureConfirmation"
>>to "true" (for the time being it set to "false" by default).
>>
>>If anybody is going to test this _and_ uses the handler chaining
>>feature of WSS4J pls ask for additional info. In this case one
>>specific modification in the WSDD files may be required.
>>
>>Regards,
>>Werner
>>
>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>
>
>
> --
> Ruchith
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org