You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by "Faucher, Christian" <Ch...@axa-canada.com> on 2005/03/04 15:49:24 UTC
RE : Digital Signatures and Axis 1.2 RC2/RC3
Dims,
SOAP-DSIG (http://www.w3.org/TR/2001/NOTE-SOAP-dsig-20010206/) is completely outdated. OASIS WS-Security is the latest. Axis does not support it either though there are some samples in axis itself.
I see. This is why we could not find any documentation after mid-2001! :-)
When do you need a milestone/release candidate of WSS4J. let me know. It will have to be after Axis 1.2 is final of course (predicted to be released next weekend 9th/10th if there are no show stoppers)
Our project (two projects in fact) go live mid-june/july. Both using Axis. Both with reusing the same security components.
I must say that our first choice is to have the connections between remote (but well-identified) clients using HTTPS through Internet, with server and client certificates so that servers can confirm their identities.
However, one of these "well-identified client" has a problem using client certificate, and is proposing a certicate contained in the SOAP header (the "alternate solution"), that we will have to validate, hence the question about digital signatures.
To answer your question about WSS4J, I would need it quite soon, say mid-april timeframe, so we have time to test the "alternate solution", if needs be.
BR,
Christian Faucher
thanks,
dims
On Thu, 3 Mar 2005 17:46:26 -0500, Faucher, Christian <Ch...@axa-canada.com> wrote:
>
>
> Hi all,
>
> We've been investigating a way to certify that the client calling our
> server is really the expected client. We came across digital
> signatures (SOAP-DSIG).
>
> Is this a supported feature by Axis? Or do I need to install WSSE as
> well?
> Is it supported as well by .NET in a compatible way?
>
> In our case, the server-side processing could be an Handler
> intercepting the SOAP request, looking for SOAPSEC, get the signature
> and valid it. But we would like to avoid as much as possible WSSE4J
> (time constraints, nothing personal...).
>
> Christian Faucher
>
> Concepteur/Designer
> AXA Canada Tech
> 2020, rue University, Bureau 600
> Montréal (Québec) H3A 2A5
> T: (514) 282-6817, x2943
> F: (514) 282-6017
> Email: christian.faucher@axa-canada.com
>
> ________________________________
>
> "Ce message est confidentiel, à l'usage exclusif du destinataire
> ci-dessus et son contenu ne représente en aucun cas un engagement de
> la part de AXA, sauf en cas de stipulation expresse et par écrit de la
> part de AXA. Toute publication, utilisation ou diffusion, même
> partielle, doit être autorisée préalablement. Si vous n'êtes pas
> destinataire de ce message, merci d'en avertir immédiatement
> l'expéditeur."
>
> "This e-mail message is confidential, for the exclusive use of the
> addressee and its contents shall not constitute a commitment by AXA,
> except as otherwise specifically provided in writing by AXA. Any
> unauthorized disclosure, use or dissemination, either whole or
> partial, is prohibited. If you are not the intended recipient of the
> message, please notify the sender immediately."
--
Davanum Srinivas - http://webservices.apache.org/~dims/