Skip to main content

WS-SECURITY in JAX-WS 2.0?

6 replies [Last post]
hr_stoyanov
Offline
Joined: 2004-04-01
Points: 0

Hi all-,
Can Sun clarify their vision on integrating WS-SECURITY into JAX-WS 2.0? It seems XMl digital signature has been slated for Mustang (J2SE 6.0), but it is necessary for J2EE 5.0/JAX-WS 2.0?

Thanks,
Hristo

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
pelegri
Offline
Joined: 2003-06-06
Points: 0

Sun does not have a roadmap that we can share at the moment but we are carefully listening to our customers and working with partners to assess what would be best.

With my JWSDP community hat on, the basic notion of the JWSDP is that of a collection of projects all working on the same core, so we certainly would welcome projects that built on what is available today to explore or implement other specifications. Or you can wait a bit longer while things settle on this area.

- eduard/o

hr_stoyanov
Offline
Joined: 2004-04-01
Points: 0

Thanks Eduardo-,
I am in the inital phase of exploring the WS-* security related stack. After reading some papers on the Microsoft site, it seems to me that WS-SECURITY is not very useful without WS-TRUST and WS-SECURECONVERSATION and SAML (I do not think WS-POLICY is crucial, though).

I do think these protocols would need some Java implementations and from your comments it does not seem J2EE will provide anything standard in near future.

I guess, I will stick with SSL/HTTPS for now to avoid any risks with security related WS-* protocols.

Hristo

kwalsh
Offline
Joined: 2003-06-10
Points: 0

XWSS 2.0 has moved to XMLDSIG/.JSR105 RI for signatures and plans to move to JSR 106 for encryption when
it gets released. So yes one using JAX-WS 2.0 with XWS 2.0 will need to use XMLDSIG

hr_stoyanov
Offline
Joined: 2004-04-01
Points: 0

Thanks.
What about the other WS-* security protocols: WS-TRUST, WS-SecureConversation SAML and XrML. Is there a roadmap of what to expect in JAX-WS in future? Are there JAVA.NET hosted OSS projects to provide some implementation?

Hristo

dims
Offline
Joined: 2003-06-13
Points: 0

Apache WSS4J has support for WS-Security, There is some code for WS-Trust and WS-SecureConversation as well.For SAML, u can use OpenSAML.

-- dims

hr_stoyanov
Offline
Joined: 2004-04-01
Points: 0

Thanks dims-,
How compatible is WSS4J with the upcoming Sun's JAX-WS 2.0 pack?

Hristo