WS-I Interop Event Report at Burton Catalyst

My pages	Projects	Communities	java.net

Search

Online Books:

java.net on MarkMail:

Advanced Search

Arun Gupta

Tango in Sun Net Talk | Main | NetBeans 6 M10 and Web Service Designer

WS-I Interop Event Report at Burton Catalyst

Posted by arungupta on July 2, 2007 at 9:13 PM PDT

As mentioned earlier, Sun Microsystems participated in an interoperability demo showcasing the WS-I Sample Application that supports the Basic Security Profile 1.0 (BSP1.0) at Burton Group's Catalyst Conference 2007 last week. Jiandong reported that the event went smoothly as expected. Microsoft, IBM, Novell and SAP also participated in the event and there were no glitches.

This version of Sample Application is built using WSIT integrated in GlassFish V2 and we tested interoperability with all the participating vendors. Here is a matrix from Sample Application Security Architecture Document that shows a summary of port-level security requirements for some of the operations:

Sender Ã Receiver	Operation	Message	Message Integrity	Authenti-cation	Confident-iality	Algorithm
Web Client Ã Retailer	getCatalog	getCatalog Request	WC X.509: Body, UNT, Timestamp	UNT-user, Cert Auth	R X.509: Body, Signature	Key: RSA 1.5, Data: AES 128, Digest: SHA1
Retailer Ã Web Client	getCatalog	getCatalog Response	R X.509: Body, Timestamp	Cert Auth	WC X.509: Body, Signature	Key: RSA 1.5, Data: AES 128, Digest: SHA1
Manufacturer n Ã Callback n	submitSN	SNSubmit	Mn X.509: Body, Config Header, Callback header, Timestamp	Cert Auth	Wn X.509: Body, Signature	Key: RSA 1.5, Data: AES 256, Digest: SHA1
Callback n Ã Manufacturer n	errorPO	ackPO	Wn X.509: Body, Timestamp	Cert Auth	None	Key: RSA 1.5, Digest: SHA1
Web Client Ã Retailer	getCatalogWith Images	getCatalogWith ImagesRequest	WC X.509: Body, UNT, Timestamp	UNT-user, Cert Auth	None	Key: RSA 1.5, Data: AES 128, Digest: SHA1
Retailer Ã Web Client	getCatalogWith Images	getCatalogWith ImagesResponse	R X.509: Body, Timestamp, Attachments	UNT-user, Cert Auth	WC X.509. Body, Signature	Key: RSA 1.5, Data: AES 128, Digest: SHA1
Web Client Ã Retailer	getProduct Details	getProduct DetailsRequest	WC X.509: Body, UNT, Timestamp	UNT-user, Cert Auth	None	Key: RSA 1.5, Data: AES 128, Digest: SHA1
Retailer Ã Web Client	getProduct Details	getProduct DetailsResponse	R X.509: Body, Timestamp, Attachments	Cert Auth	WC X.509. Body, Signature	Key: RSA 1.5, Data: AES 128, Digest: SHA1

This matrix shows Different key sizes (128 & 256), Profiles (X.509 and UsernameToken), Custom headers signing, Encrypting the signature and other features used for securing the sample app. Even though WSIT provides a much richer set of Security Profiles, these features represent a good mix of the commonly used options. And all of these are indeed supported by WSIT as well.

The Sample Apps Deliverables page shows the following list of platforms used by each vendor for their version of Secure Sample App:

Microsoft	WSE 3.0
IBM	WebSphere V6
Novell	WSSDK 6.1
SAP	NetWeaver 2004s Application Server Java Service Support Package Stack 7

And Sun's version of Secure Sample App, using WSIT in GlassFish V2, is interoperable with these.

Thanks to Harsha for porting the JAX-RPC-based Sample Application.

Technorati: burtongroup burtoncatalyst ws-i conf wsit glassfish webservices

arungupta's blog
Login or register to post comments
152 visits
Printer-friendly version