Posted to commits@cxf.apache.org by bu...@apache.org on 2013/05/01 21:48:06 UTC

svn commit: r860515 - in /websites/production/cxf/content: cache/docs.pageCache docs/xml-key-management-service-xkms.data/ docs/xml-key-management-service-xkms.data/classic-message-encryption.jpg docs/xml-key-management-service-xkms.html

Author: buildbot
Date: Wed May  1 19:48:06 2013
New Revision: 860515

Log:
Production update by buildbot for cxf

Added:
    websites/production/cxf/content/docs/xml-key-management-service-xkms.data/
    websites/production/cxf/content/docs/xml-key-management-service-xkms.data/classic-message-encryption.jpg   (with props)
    websites/production/cxf/content/docs/xml-key-management-service-xkms.html
Modified:
    websites/production/cxf/content/cache/docs.pageCache

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Added: websites/production/cxf/content/docs/xml-key-management-service-xkms.data/classic-message-encryption.jpg
==============================================================================
Binary file - no diff available.

Propchange: websites/production/cxf/content/docs/xml-key-management-service-xkms.data/classic-message-encryption.jpg
------------------------------------------------------------------------------
    svn:mime-type = image/jpeg

Added: websites/production/cxf/content/docs/xml-key-management-service-xkms.html
==============================================================================
--- websites/production/cxf/content/docs/xml-key-management-service-xkms.html (added)
+++ websites/production/cxf/content/docs/xml-key-management-service-xkms.html Wed May  1 19:48:06 2013
@@ -0,0 +1,194 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<html>
+  <head>
+    <link type="text/css" rel="stylesheet" href="http://cxf.apache.org/resources/site.css">
+    <script src="http://cxf.apache.org/resources/space.js" type="text/javascript"></script>
+    
+<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
+<meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture, web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support, integration standards, application integration, middleware, software, solutions, services, CXF, open source">
+<meta name="description" content="Apache CXF, Services Framework - XML Key Management Service (XKMS)">
+    <title>
+Apache CXF -- XML Key Management Service (XKMS)
+    </title>
+  </head>
+<body onload="init()">
+
+
+<table width="100%" cellpadding="0" cellspacing="0">
+  <tr>
+    <td id="cell-0-0" colspan="2">&nbsp;</td>
+    <td id="cell-0-1">&nbsp;</td>
+    <td id="cell-0-2" colspan="2">&nbsp;</td>
+  </tr>
+  <tr>
+    <td id="cell-1-0">&nbsp;</td>
+    <td id="cell-1-1">&nbsp;</td>
+    <td id="cell-1-2">
+      <div style="padding: 5px;">
+        <div id="banner">
+          <!-- Banner -->
+<div id="banner-content">
+<table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
+<a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight: bold; font-size: 170%; color: white">Apache CXF</span></a>
+</td><td align="right" colspan="1" nowrap>
+<a shape="rect" href="http://www.apache.org/" title="The Apache Sofware Foundation"><img border="0" alt="ASF Logo" src="http://cxf.apache.org/images/asf-logo.png"></a>
+</td></tr></table>
+</div>
+          <!-- Banner -->
+        </div>
+      </div>
+      <div id="top-menu">
+        <table border="0" cellpadding="1" cellspacing="0" width="100%">
+          <tr>
+            <td>
+              <div align="left">
+                <!-- Breadcrumbs -->
+<a href="index.html">Index</a>&nbsp;&gt;&nbsp;<a href="xml-key-management-service-xkms.html">XML Key Management Service (XKMS)</a>
+                <!-- Breadcrumbs -->
+              </div>
+            </td>
+            <td>
+              <div align="right">
+                <!-- Quicklinks -->
+<div id="quicklinks"><p><a shape="rect" href="http://cxf.apache.org/download.html">Download</a> | <a shape="rect" href="http://cxf.apache.org/docs/index.html">Documentation</a></p></div>
+                <!-- Quicklinks -->
+              </div>
+            </td>
+          </tr>
+        </table>
+      </div>
+    </td>
+    <td id="cell-1-3">&nbsp;</td>
+    <td id="cell-1-4">&nbsp;</td>
+  </tr>
+  <tr>
+    <td id="cell-2-0" colspan="2">&nbsp;</td>
+    <td id="cell-2-1">
+      <table>
+        <tr valign="top">
+          <td height="100%">
+            <div id="wrapper-menu-page-right">
+              <div id="wrapper-menu-page-top">
+                <div id="wrapper-menu-page-bottom">
+                  <div id="menu-page">
+                    <!-- NavigationBar -->
+<div id="navigation"><ul class="alternate" type="square"><li><a shape="rect" href="overview.html" title="Overview">Overview</a></li><li><a shape="rect" href="how-tos.html" title="How-Tos">How-Tos</a></li><li><a shape="rect" href="frontends.html" title="Frontends">Frontends</a></li><li><a shape="rect" href="databindings.html" title="DataBindings">DataBindings</a></li><li><a shape="rect" href="transports.html" title="Transports">Transports</a></li><li><a shape="rect" href="configuration.html" title="Configuration">Configuration</a></li><li><a shape="rect" href="debugging-and-logging.html" title="Debugging and Logging">Debugging and Logging</a></li><li><a shape="rect" href="tools.html" title="Tools">Tools</a></li><li><a shape="rect" href="restful-services.html" title="RESTful Services">RESTful Services</a></li><li><a shape="rect" href="wsdl-bindings.html" title="WSDL Bindings">WSDL Bindings</a></li><li><a shape="rect" href="service-routing.html" title="Service Routing">Service 
 Routing</a></li><li><a shape="rect" href="dynamic-languages.html" title="Dynamic Languages">Dynamic Languages</a></li><li><a shape="rect" href="ws-support.html" title="WS-* Support">WS-* Support</a></li><li><a shape="rect" href="advanced-integration.html" title="Advanced Integration">Advanced Integration</a></li><li><a shape="rect" href="deployment.html" title="Deployment">Deployment</a></li><li><a shape="rect" href="schemas-and-namespaces.html" title="Schemas and Namespaces">Use of Schemas and Namespaces</a></li></ul>
+
+
+<hr>
+<ul class="alternate" type="square"><li>Search
+
+<form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse">
+  <div>
+    <input type="hidden" name="cx" value="002890367768291051730:o99qiwa09y4">
+    <input type="hidden" name="ie" value="UTF-8">
+    <input type="text" name="q" size="21">
+    <input type="submit" name="sa" value="Search">
+  </div>
+</form>
+<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en"></script>
+</li></ul>
+
+
+<hr>
+<ul class="alternate" type="square"><li><a shape="rect" href="http://cxf.apache.org/javadoc/latest/">API (Javadoc)</a></li><li><a shape="rect" href="http://cxf.apache.org/">CXF Website</a></li></ul>
+
+</div>
+                    <!-- NavigationBar -->
+                  </div>
+              </div>
+            </div>
+          </div>
+         </td>
+         <td height="100%">
+           <!-- Content -->
+           <div class="wiki-content">
+<div id="ConfluenceContent"><h1><a shape="rect" name="XMLKeyManagementService%28XKMS%29-XMLKeyManagementService%28XKMS%29"></a>XML Key Management Service (XKMS)</h1>
+
+<h2><a shape="rect" name="XMLKeyManagementService%28XKMS%29-Usecase"></a>Use case</h2>
+
+<p>CXF security uses asymmetric algorithms for different purposes: encryption of symmetric keys and payloads, signing security tokens and messages, proof of possession.<br clear="none">
+Normally the public keys (in form of X509 certificates) are stored in java keystores.</p>
+
+<p>For example, if sender encrypts the message payload sending to the receiver, he should have access to receiver certificate saved in local keystore. <br clear="none">
+The sender uses this certificate for message encryption and receiver decrypts request with corresponded own private key:</p>
+
+
+<p><span class="image-wrap" style=""><img src="xml-key-management-service-xkms.data/classic-message-encryption.jpg" style="border: 0px solid black"></span></p>
+
+
+<p>Seems to be OK? Imagine now that you have production environment with 100 different clients of this service and service certificate is expired. You should reissue and replace certificate in ALL client keystores! Even more, if keystores are packaged into war files or OSGi bundles &#8211; they should be unpackaged and updated. Not really acceptable for enterprise environments.</p>
+
+<p>Therefore large service landscapes support central certificates management. It means that X509 certificates are not stored locally in keystores, but are provided and administrated centrally.</p>
+
+<p>Normally it is a responsibility of <a shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/Public-key_infrastructure" rel="nofollow">Public Key Infrastructure</a> (PKI) established in organization. PKI is responsible to create, manage, store, distribute, synchronize and revoke public certificates and certification authorities (CAs).</p>
+
+<h2><a shape="rect" name="XMLKeyManagementService%28XKMS%29-XKMSSpecification"></a>XKMS Specification</h2>
+
+<p>W3C specifies standard protocol to distribute and register public keys, certificates and CAs that can be used for XML-based cryptography, including signature and encryption: <a shape="rect" class="external-link" href="http://www.w3.org/TR/xkms2/" rel="nofollow">XML Key Management Specification</a> (XKMS 2.0).<br clear="none">
+The XKMS Specification comprises two parts &#8211; the XML Key Information Service Specification (XKISS) describing the runtime aspects of key lookup and certificate validation and the XML Key Registration Service Specification (XKRSS) describing the administrative aspects of registering, renewing, revoking and recovering certificates.</p></div>
+           </div>
+           <!-- Content -->
+         </td>
+        </tr>
+      </table>
+   </td>
+   <td id="cell-2-2" colspan="2">&nbsp;</td>
+  </tr>
+  <tr>
+   <td id="cell-3-0">&nbsp;</td>
+   <td id="cell-3-1">&nbsp;</td>
+   <td id="cell-3-2">
+     <div id="footer">
+       <!-- Footer -->
+       <div id="site-footer">
+         <a href="http://cxf.apache.org/privacy-policy.html">Privacy Policy</a> - 
+         (<a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=31820321">edit page</a>) 
+	 (<a href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=31820321&amp;showComments=true&amp;showCommentArea=true#addcomment">add comment</a>)<br>
+	Apache CXF, CXF, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.<br>
+        All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+       </div>
+       <!-- Footer -->
+     </div>
+   </td>
+   <td id="cell-3-3">&nbsp;</td>
+   <td id="cell-3-4">&nbsp;</td>
+  </tr>
+  <tr>
+    <td id="cell-4-0" colspan="2">&nbsp;</td>
+    <td id="cell-4-1">&nbsp;</td>
+    <td id="cell-4-2" colspan="2">&nbsp;</td>
+  </tr>
+</table>
+
+<script type="text/javascript">
+var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
+document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
+</script>
+<script type="text/javascript">
+try {
+var pageTracker = _gat._getTracker("UA-4458903-1");
+pageTracker._trackPageview();
+} catch(err) {}</script>
+
+</body>
+</html>
+
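Review bot: The new page pulls executable script over plain HTTP (`space.js` in the `<head>` and the Google CSE `brand` script after the search form), so anyone on the network path can alter the code that runs in a reader's browser, and both includes are blocked as mixed content if the page is ever served over HTTPS. The analytics snippet at the bottom already picks its scheme from `document.location.protocol`; the static includes should be at least as careful, e.g. `<script src="https://cxf.apache.org/resources/space.js" type="text/javascript"></script>` and `src="https://www.google.com/cse/brand?form=cse-search-box&amp;lang=en"`, assuming both hosts serve these paths over TLS. The stylesheet link and the search form's `action` use `http://` in the same way. Since this commit is a buildbot export, the change presumably belongs in the site template rather than in this generated file.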