WSDL and WS Security

[se...@gmx.de]

Hi,

I am looking for best way to add WS Security to WSDL. As already asked in (http://mail-archives.apache.org/mod_mbox/ws-wss4j-dev/200610.mbox/raw/%3cd80862360610020853m3783de54y3f0fc8cc3b7e2e07@mail.gmail.com%3e/2)

WS Policy is recommended. 
I have some questions for some clearification:

- WSS4J implements a policy processor. Can it be used to enforce ws security encryption of incoming/outgoing requests during runtime?

- How can an endpoint enforce elements to be encrypted? I have changed encrypted elements which client sends, but server does not complain.

- The logical connection between WS Security and WS Policy is: ws policy is able to define which message elements have to be secured by applying ws security elements.
Therefore I would define in ws policy that a special element (e.g. user credential element) has to be encrypted using ws security standard. Correct?
The WSDL would not be changed with regard to WS Security layer?

- Just using wss4j: If I would send wsdl and policy file to client, does he have to configure wss4j manually to adapt to policy or is there an automated way?

- in one post there was a question concerning param "encryptionParts". someone answered, that a more flexible approach (xpath) would be available with policy. Can it be used already?

Thanks for answers!

Greetings,
Christoph
-- 
Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! 
Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

AW: WSDL and WS Security

["Dittmann, Werner" <we...@siemens.com>]

Christoph,

WS Security Policy specification is not yet stable at
the OASIS WS SX TC. The code contained int the WSS4J
directories is preliminary and by no means ready to
be used in a productive environment.

Regards,
Werner
 

> -----Ursprüngliche Nachricht-----
> Von: seehamster@gmx.de [mailto:seehamster@gmx.de] 
> Gesendet: Donnerstag, 19. Oktober 2006 12:50
> An: wss4j-dev@ws.apache.org
> Betreff: WSDL and WS Security
> 
> Hi,
> 
> I am looking for best way to add WS Security to WSDL. As 
> already asked in 
> (http://mail-archives.apache.org/mod_mbox/ws-wss4j-dev/200610.
> mbox/raw/%3cd80862360610020853m3783de54y3f0fc8cc3b7e2e07@mail.
> gmail.com%3e/2)
> 
> WS Policy is recommended. 
> I have some questions for some clearification:
> 
> - WSS4J implements a policy processor. Can it be used to 
> enforce ws security encryption of incoming/outgoing requests 
> during runtime?
> 
> - How can an endpoint enforce elements to be encrypted? I 
> have changed encrypted elements which client sends, but 
> server does not complain.
> 
> - The logical connection between WS Security and WS Policy 
> is: ws policy is able to define which message elements have 
> to be secured by applying ws security elements.
> Therefore I would define in ws policy that a special element 
> (e.g. user credential element) has to be encrypted using ws 
> security standard. Correct?
> The WSDL would not be changed with regard to WS Security layer?
> 
> - Just using wss4j: If I would send wsdl and policy file to 
> client, does he have to configure wss4j manually to adapt to 
> policy or is there an automated way?
> 
> - in one post there was a question concerning param 
> "encryptionParts". someone answered, that a more flexible 
> approach (xpath) would be available with policy. Can it be 
> used already?
> 
> Thanks for answers!
> 
> Greetings,
> Christoph
> -- 
> Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! 
> Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

AW: WSDL and WS Security

["Dittmann, Werner" <we...@siemens.com>]

Christoph,

WS Security Policy specification is not yet stable at
the OASIS WS SX TC. The code contained int the WSS4J
directories is preliminary and by no means ready to
be used in a productive environment.

Regards,
Werner
 

> -----Ursprüngliche Nachricht-----
> Von: seehamster@gmx.de [mailto:seehamster@gmx.de] 
> Gesendet: Donnerstag, 19. Oktober 2006 12:50
> An: wss4j-dev@ws.apache.org
> Betreff: WSDL and WS Security
> 
> Hi,
> 
> I am looking for best way to add WS Security to WSDL. As 
> already asked in 
> (http://mail-archives.apache.org/mod_mbox/ws-wss4j-dev/200610.
> mbox/raw/%3cd80862360610020853m3783de54y3f0fc8cc3b7e2e07@mail.
> gmail.com%3e/2)
> 
> WS Policy is recommended. 
> I have some questions for some clearification:
> 
> - WSS4J implements a policy processor. Can it be used to 
> enforce ws security encryption of incoming/outgoing requests 
> during runtime?
> 
> - How can an endpoint enforce elements to be encrypted? I 
> have changed encrypted elements which client sends, but 
> server does not complain.
> 
> - The logical connection between WS Security and WS Policy 
> is: ws policy is able to define which message elements have 
> to be secured by applying ws security elements.
> Therefore I would define in ws policy that a special element 
> (e.g. user credential element) has to be encrypted using ws 
> security standard. Correct?
> The WSDL would not be changed with regard to WS Security layer?
> 
> - Just using wss4j: If I would send wsdl and policy file to 
> client, does he have to configure wss4j manually to adapt to 
> policy or is there an automated way?
> 
> - in one post there was a question concerning param 
> "encryptionParts". someone answered, that a more flexible 
> approach (xpath) would be available with policy. Can it be 
> used already?
> 
> Thanks for answers!
> 
> Greetings,
> Christoph
> -- 
> Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! 
> Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org