Can Sun clarify their vision on integrating WS-SECURITY into JAX-WS 2.0? It seems XMl digital signature has been slated for Mustang (J2SE 6.0), but it is necessary for J2EE 5.0/JAX-WS 2.0?
Sun does not have a roadmap that we can share at the moment but we are carefully listening to our customers and working with partners to assess what would be best.
With my JWSDP community hat on, the basic notion of the JWSDP is that of a collection of projects all working on the same core, so we certainly would welcome projects that built on what is available today to explore or implement other specifications. Or you can wait a bit longer while things settle on this area.
I am in the inital phase of exploring the WS-* security related stack. After reading some papers on the Microsoft site, it seems to me that WS-SECURITY is not very useful without WS-TRUST and WS-SECURECONVERSATION and SAML (I do not think WS-POLICY is crucial, though).
I do think these protocols would need some Java implementations and from your comments it does not seem J2EE will provide anything standard in near future.
I guess, I will stick with SSL/HTTPS for now to avoid any risks with security related WS-* protocols.
XWSS 2.0 has moved to XMLDSIG/.JSR105 RI for signatures and plans to move to JSR 106 for encryption when
it gets released. So yes one using JAX-WS 2.0 with XWS 2.0 will need to use XMLDSIG
What about the other WS-* security protocols: WS-TRUST, WS-SecureConversation SAML and XrML. Is there a roadmap of what to expect in JAX-WS in future? Are there JAVA.NET hosted OSS projects to provide some implementation?
Apache WSS4J has support for WS-Security, There is some code for WS-Trust and WS-SecureConversation as well.For SAML, u can use OpenSAML.
How compatible is WSS4J with the upcoming Sun's JAX-WS 2.0 pack?
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Participation.
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.