You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by Werner Dittmann <We...@t-online.de> on 2005/09/06 15:06:22 UTC

Extending WSS4J to the new OASIS specs - first impl of SignatureConfirmation

All,

with the next checkin a first step of the SIgnatureConfirmation
feature of WSS 1.1 is done.

Because of some open issues with the spec this first implementation
assumes:

- generate SignatureConfirmation for every Signature of every
  wsse:Security header of the request - there my be several
  wsse:Security headers in one request (with different actor/role)

- place all SignatureConfirmation elements together in one
  wsse:Security header of the response. This because it is not
  necessary that the wsse:Security headers have a one-to-one
  relationship with the request headers.

- do not sign SignatureConfirmation yet - here are IMHO some open issues
  in the spec

- do not encrypt even if the Signature block of the request was
  encrypted. I doubt if such an encryption makes sense.

To enable and test this feature you need to download the source
from SVN (trunk head), set the variable "enableSignatureConfirmation"
to "true" (for the time being it set to "false" by default).

If anybody is going to test this _and_ uses the handler chaining
feature of WSS4J pls ask for additional info. In this case one
specific modification in the WSDD files may be required.

Regards,
Werner




---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org