WS-I Interop Event Report at Burton Catalyst
Posted by arungupta on July 3, 2007 at 12:13 AM EDT
 |
As mentioned earlier, Sun Microsystems participated in an interoperability demo showcasing the WS-I Sample Application that supports the Basic Security Profile 1.0 (BSP1.0) at Burton Group's Catalyst Conference 2007 last week. Jiandong reported that the event went smoothly as expected. Microsoft, IBM, Novell and SAP also participated in the event and there were no glitches. |
This version of Sample Application is built using WSIT integrated in GlassFish V2 and we tested interoperability with all the participating vendors. Here is a matrix from Sample Application Security Architecture Document that shows a summary of port-level security requirements for some of the operations:
|
Sender à Receiver |
Operation |
Message |
Message Integrity |
Authenti-cation |
Confident-iality |
Algorithm |
|
Web Client à Retailer |
WC X.509:
Body, |
UNT-user, Cert Auth |
R X.509: Body, Signature |
Key: RSA 1.5, Data: AES 128, Digest: SHA1 |
||
|
Retailer
à |
R X.509: Body, Timestamp |
Cert Auth |
WC X.509: Body, Signature |
Key: RSA 1.5, Data: AES 128, Digest: SHA1 |
||
|
Manufacturer n à Callback n |
SNSubmit |
Mn X.509:
Body, |
Cert Auth |
Wn X.509: Body, Signature |
Key: RSA 1.5, Data: AES 256, Digest: SHA1 |
|
|
Callback n à Manufacturer n |
ackPO |
Wn X.509: Body, Timestamp |
Cert Auth |
None |
Key: RSA 1.5, Digest: SHA1 |
|
|
Web Client à Retailer |
getCatalogWith |
WC X.509: Body, UNT, Timestamp |
UNT-user, Cert Auth |
None |
Key: RSA 1.5, Data: AES 128, Digest: SHA1 |
|
|
Retailer à Web Client |
getCatalogWith |
R X.509: Body, Timestamp, Attachments |
UNT-user, Cert Auth |
WC X.509. Body, Signature |
Key: RSA 1.5, Data: AES 128, Digest: SHA1 |
|
|
Web Client à Retailer |
getProduct
|
WC X.509: Body, UNT, Timestamp |
UNT-user, Cert Auth |
None |
Key: RSA 1.5, Data: AES 128, Digest: SHA1 |
|
|
Retailer
à |
getProduct |
R X.509: Body, Timestamp, Attachments |
Cert Auth |
WC X.509. Body, Signature |
Key: RSA 1.5, Data: AES 128, Digest: SHA1 |
This matrix shows Different key sizes (128 & 256), Profiles (X.509 and UsernameToken), Custom headers signing, Encrypting the signature and other features used for securing the sample app. Even though WSIT provides a much richer set of Security Profiles, these features represent a good mix of the commonly used options. And all of these are indeed supported by WSIT as well.
The Sample Apps Deliverables page shows the following list of platforms used by each vendor for their version of Secure Sample App:
| Microsoft | WSE 3.0 |
| IBM | WebSphere V6 |
| Novell | WSSDK 6.1 |
| SAP | NetWeaver 2004s Application Server Java Service Support Package Stack 7 |
And Sun's version of Secure Sample App, using WSIT in GlassFish V2, is interoperable with these.
Thanks to Harsha for porting the JAX-RPC-based Sample Application.
Technorati: burtongroup burtoncatalyst ws-i conf wsit glassfish webservices
Related Topics >>
Blog Links >>
- Login or register to post comments
- Printer-friendly version
- arungupta's blog
- 600 reads
