You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by Ruchith Fernando <ru...@gmail.com> on 2005/11/04 07:51:02 UTC

SignatureConfirmation with handler chaining

Hi Werner,

If possible, can you please give me some points as to what we need to
do to get sig-confirmation working with handler chaining in Axis 1.x.

I'm trying to do the same with Axis2 security module.

> Sep 6, 2005: Extending WSS4J to the new OASIS specs - first impl of SignatureConfirmation :
>
> If anybody is going to test this _and_ uses the handler chaining
> feature of WSS4J pls ask for additional info. In this case one
> specific modification in the WSDD files may be required.


Thanks,
Ruchith

On 9/6/05, Werner Dittmann <We...@t-online.de> wrote:
> All,
>
> with the next checkin a first step of the SIgnatureConfirmation
> feature of WSS 1.1 is done.
>
> Because of some open issues with the spec this first implementation
> assumes:
>
> - generate SignatureConfirmation for every Signature of every
>   wsse:Security header of the request - there my be several
>   wsse:Security headers in one request (with different actor/role)
>
> - place all SignatureConfirmation elements together in one
>   wsse:Security header of the response. This because it is not
>   necessary that the wsse:Security headers have a one-to-one
>   relationship with the request headers.
>
> - do not sign SignatureConfirmation yet - here are IMHO some open issues
>   in the spec
>
> - do not encrypt even if the Signature block of the request was
>   encrypted. I doubt if such an encryption makes sense.
>
> To enable and test this feature you need to download the source
> from SVN (trunk head), set the variable "enableSignatureConfirmation"
> to "true" (for the time being it set to "false" by default).
>
> If anybody is going to test this _and_ uses the handler chaining
> feature of WSS4J pls ask for additional info. In this case one
> specific modification in the WSDD files may be required.
>
> Regards,
> Werner
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>


--
Ruchith

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: SignatureConfirmation with handler chaining

Posted by Werner Dittmann <We...@t-online.de>.

Ruchith,

need to look at what was wrong when doing chaining. I'll check
my internal testcases and give you some info tomorrow.

Regards,
Werner

Ruchith Fernando wrote:
> Hi Werner,
> 
> If possible, can you please give me some points as to what we need to
> do to get sig-confirmation working with handler chaining in Axis 1.x.
> 
> I'm trying to do the same with Axis2 security module.
> 
> 
>>Sep 6, 2005: Extending WSS4J to the new OASIS specs - first impl of SignatureConfirmation :
>>
>>If anybody is going to test this _and_ uses the handler chaining
>>feature of WSS4J pls ask for additional info. In this case one
>>specific modification in the WSDD files may be required.
> 
> 
> 
> Thanks,
> Ruchith
> 
> On 9/6/05, Werner Dittmann <We...@t-online.de> wrote:
> 
>>All,
>>
>>with the next checkin a first step of the SIgnatureConfirmation
>>feature of WSS 1.1 is done.
>>
>>Because of some open issues with the spec this first implementation
>>assumes:
>>
>>- generate SignatureConfirmation for every Signature of every
>>  wsse:Security header of the request - there my be several
>>  wsse:Security headers in one request (with different actor/role)
>>
>>- place all SignatureConfirmation elements together in one
>>  wsse:Security header of the response. This because it is not
>>  necessary that the wsse:Security headers have a one-to-one
>>  relationship with the request headers.
>>
>>- do not sign SignatureConfirmation yet - here are IMHO some open issues
>>  in the spec
>>
>>- do not encrypt even if the Signature block of the request was
>>  encrypted. I doubt if such an encryption makes sense.
>>
>>To enable and test this feature you need to download the source
>>from SVN (trunk head), set the variable "enableSignatureConfirmation"
>>to "true" (for the time being it set to "false" by default).
>>
>>If anybody is going to test this _and_ uses the handler chaining
>>feature of WSS4J pls ask for additional info. In this case one
>>specific modification in the WSDD files may be required.
>>
>>Regards,
>>Werner
>>
>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
> 
> 
> 
> --
> Ruchith
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: SignatureConfirmation with handler chaining

Posted by Werner Dittmann <We...@t-online.de>.

Ruchith,

need to look at what was wrong when doing chaining. I'll check
my internal testcases and give you some info tomorrow.

Regards,
Werner

Ruchith Fernando wrote:
> Hi Werner,
> 
> If possible, can you please give me some points as to what we need to
> do to get sig-confirmation working with handler chaining in Axis 1.x.
> 
> I'm trying to do the same with Axis2 security module.
> 
> 
>>Sep 6, 2005: Extending WSS4J to the new OASIS specs - first impl of SignatureConfirmation :
>>
>>If anybody is going to test this _and_ uses the handler chaining
>>feature of WSS4J pls ask for additional info. In this case one
>>specific modification in the WSDD files may be required.
> 
> 
> 
> Thanks,
> Ruchith
> 
> On 9/6/05, Werner Dittmann <We...@t-online.de> wrote:
> 
>>All,
>>
>>with the next checkin a first step of the SIgnatureConfirmation
>>feature of WSS 1.1 is done.
>>
>>Because of some open issues with the spec this first implementation
>>assumes:
>>
>>- generate SignatureConfirmation for every Signature of every
>>  wsse:Security header of the request - there my be several
>>  wsse:Security headers in one request (with different actor/role)
>>
>>- place all SignatureConfirmation elements together in one
>>  wsse:Security header of the response. This because it is not
>>  necessary that the wsse:Security headers have a one-to-one
>>  relationship with the request headers.
>>
>>- do not sign SignatureConfirmation yet - here are IMHO some open issues
>>  in the spec
>>
>>- do not encrypt even if the Signature block of the request was
>>  encrypted. I doubt if such an encryption makes sense.
>>
>>To enable and test this feature you need to download the source
>>from SVN (trunk head), set the variable "enableSignatureConfirmation"
>>to "true" (for the time being it set to "false" by default).
>>
>>If anybody is going to test this _and_ uses the handler chaining
>>feature of WSS4J pls ask for additional info. In this case one
>>specific modification in the WSDD files may be required.
>>
>>Regards,
>>Werner
>>
>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
> 
> 
> 
> --
> Ruchith
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org