Skip to main content

WS-I Interop Event Report at Burton Catalyst

Posted by arungupta on July 2, 2007 at 9:13 PM PDT
As mentioned

earlier
, Sun Microsystems participated
in an interoperability demo showcasing  the WS-I

Sample Application
that supports the

Basic Security Profile 1.0
(BSP1.0) at
Burton Group's
Catalyst Conference 2007
last week. Jiandong

reported
that the event went smoothly as expected. Microsoft,
IBM, Novell and SAP also participated in the event and there were no
glitches.

This version of Sample Application is built using WSIT integrated in
GlassFish V2 and we tested
interoperability with all the participating vendors. Here is a matrix from

Sample Application Security Architecture Document
that shows a summary of
port-level security requirements for some of the operations:

Sender à Receiver

Operation

Message

Message Integrity

Authenti-cation

Confident-iality

Algorithm

Web
Client à Retailer


getCatalog


getCatalog

Request

WC X.509:
Body,

UNT, Timestamp

UNT-user,
Cert Auth

R X.509:
Body, Signature

Key: RSA
1.5, Data: AES 128, Digest: SHA1

Retailer
à

Web Client


getCatalog


getCatalog

Response

R X.509:
Body, Timestamp

Cert Auth

WC X.509:
Body, Signature

Key: RSA
1.5, Data: AES 128, Digest: SHA1

Manufacturer n à
Callback n


submitSN

SNSubmit

Mn X.509:
Body,

Config Header, Callback header, Timestamp

Cert Auth

Wn X.509:
Body, Signature

Key: RSA
1.5, Data: AES 256, Digest: SHA1

Callback
n à Manufacturer n


errorPO

ackPO

Wn X.509:
Body, Timestamp

Cert Auth

 None

Key: RSA
1.5, Digest: SHA1

Web
Client à Retailer


getCatalogWith

Images

getCatalogWith

ImagesRequest

WC X.509:
Body, UNT, Timestamp

UNT-user,
Cert Auth

None

Key: RSA
1.5, Data: AES 128, Digest: SHA1

Retailer
àWeb Client


getCatalogWith

Images

getCatalogWith

ImagesResponse

R X.509:
Body, Timestamp, Attachments

UNT-user,
Cert Auth

WC X.509.
Body, Signature

Key: RSA
1.5, Data: AES 128, Digest: SHA1

Web
Client à Retailer


getProduct

Details

getProduct

DetailsRequest

 

WC X.509:
Body, UNT, Timestamp

UNT-user,
Cert Auth

None

Key: RSA
1.5, Data: AES 128, Digest: SHA1

Retailer
à

Web Client


getProduct

Details

getProduct

DetailsResponse

R X.509:
Body, Timestamp, Attachments

Cert Auth

WC X.509.
Body, Signature

Key: RSA
1.5, Data: AES 128, Digest: SHA1

This matrix shows Different key sizes (128 & 256), Profiles (X.509 and
UsernameToken), Custom headers signing, Encrypting the signature and other
features used for securing the sample app. Even though WSIT provides a much
richer set of Security Profiles, these features represent a good mix of the
commonly used options. And all of these are indeed supported by WSIT as well.

The
Sample Apps Deliverables page
shows the following list of platforms used by
each vendor for their version of Secure Sample App:


Microsoft
WSE 3.0

IBM
WebSphere V6

Novell
WSSDK 6.1

SAP
NetWeaver 2004s Application Server Java Service
Support Package Stack 7

And Sun's version of Secure Sample App, using WSIT in GlassFish V2, is
interoperable with these.

Thanks to Harsha for porting the

JAX-RPC-based Sample Application
.

Technorati:
burtongroup

burtoncatalyst
ws-i
conf
wsit
glassfish

webservices

Related Topics >>