You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by Davide Gesino <wi...@libero.it> on 2008/01/10 12:12:49 UTC

Re: WS-SX

Maybe I am wrong adding my reply here, for I am not a CXF developer but a
user: anyway this thread is really what I was looking for, WS-SX (Trust and
conversation) advanced features.
These features are not present in the JIRA, so I guess these features will
not be in CXF 2.1.
Are these features definitively shifted to future versions? 



Dan Diephouse-2 wrote:
> 
> 
> 
> 
> 
> 
> One of the things on my wishlist for 2.1 is support for WS-SX -
> WS-SecurityPolicy, WS-SecureConversation, and WS-Trust. Its a very
> important feature for a lot of corporations because it enables much
> faster security and it also enables a range of security scenarios which
> weren't possible before. 
> 
> I know I've chatted with Fred a bit about this before, but I'd like to
> bring the discussion to the dev list for a while so we can a) figure
> out the scope of the work b) decide if we can do it for 2.1 and c)
> figure out who's going to do what. Regarding this last point, I will be
> very happy to particpate, but I'm not sure I can do the majority of the
> work. But I can certainly code some and help brainstorm. 
> 
> At a high level I suppose there are several things we need to do: 
> 
>   Build a WS-Trust service for token exchange. At the very least we
> need to be able to create symmetric keys from the asymmetric public
> keys for WS-SecureConversation.
>   WS-SecurityPolicy
>   
>     First we need to start using JAXB catalog files. These files
> allow JAXB to use classes which have already been generated when doing
> xsd2java. In other words, our ws-security module can generate the
> security policy beans and reference the beans in the policy module.
> Whereas right now, the policy beans would be regenerated by JAXB. This
> requires an upgrade to JAXB 2.1 and also it requires use of the
> official/Mojo JAXB plugin instead of our own. Our own plugin is
> architected in such a way that adding this feature isn't really
> possible without a rewrite, which seems like a waste of time. 
>     
>     Which, if not all, policy assertions do we need to support?
>   
>   WS-SecureConversation service and interceptors
>   WS-Security feature for configuration (I heard through the
> grapevine someone may have started on this. Would be interested to see
> what has been done - I really like the way Spring-WS does WS-Security
> configuration so it may be interesting to look into that)
> 
> So with that - anyone else looked into this in more detail? Anyone want
> to help pick up this feature for 2.1? 
> 
> Cheers, 
> - Dan 
> -- 
> Dan Diephouse
> MuleSource
> http://mulesource.com  | http://netzooid.com/blog 
> 
> 
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/WS-SX-tp12841062p14731154.html
Sent from the cxf-dev mailing list archive at Nabble.com.