X

WS-I Interop Event Report at Burton Catalyst

Guest Author






As mentioned


earlier
, Sun Microsystems participated

in an interoperability demo showcasing  the WS-I


Sample Application
that supports the


Basic Security Profile 1.0
(BSP1.0) at

Burton Group's

Catalyst Conference 2007
last week. Jiandong


reported
that the event went smoothly as expected. Microsoft,

IBM, Novell and SAP also participated in the event and there were no

glitches.

This version of Sample Application is built using WSIT integrated in

GlassFish V2 and we tested
interoperability with all the participating vendors. Here is a matrix from

Sample Application Security Architecture Document
that shows a summary of
port-level security requirements for some of the operations:






















































































Sender à Receiver

Operation


Message


Message Integrity

Authenti-cation

Confident-iality

Algorithm

Web

Client à Retailer


getCatalog


getCatalog

Request

WC X.509:

Body,

UNT, Timestamp

UNT-user,

Cert Auth

R X.509:

Body, Signature

Key: RSA

1.5, Data: AES 128, Digest: SHA1

Retailer

à

Web Client


getCatalog


getCatalog

Response

R X.509:

Body, Timestamp

Cert Auth


WC X.509:

Body, Signature

Key: RSA

1.5, Data: AES 128, Digest: SHA1

Manufacturer n à

Callback n


submitSN

SNSubmit


Mn X.509:

Body,

Config Header, Callback header, Timestamp

Cert Auth


Wn X.509:

Body, Signature

Key: RSA

1.5, Data: AES 256, Digest: SHA1

Callback

n à Manufacturer n


errorPO

ackPO


Wn X.509:

Body, Timestamp

Cert Auth


 None


Key: RSA

1.5, Digest: SHA1

Web

Client à Retailer


getCatalogWith

Images

getCatalogWith

ImagesRequest

WC X.509:

Body, UNT, Timestamp

UNT-user,

Cert Auth

None


Key: RSA

1.5, Data: AES 128, Digest: SHA1

Retailer

àWeb Client


getCatalogWith

Images

getCatalogWith

ImagesResponse

R X.509:

Body, Timestamp, Attachments

UNT-user,

Cert Auth

WC X.509.

Body, Signature

Key: RSA

1.5, Data: AES 128, Digest: SHA1

Web

Client à Retailer


getProduct

Details

getProduct

DetailsRequest


 


WC X.509:

Body, UNT, Timestamp

UNT-user,

Cert Auth

None


Key: RSA

1.5, Data: AES 128, Digest: SHA1

Retailer

à

Web Client


getProduct

Details

getProduct

DetailsResponse

R X.509:

Body, Timestamp, Attachments

Cert Auth


WC X.509.

Body, Signature

Key: RSA

1.5, Data: AES 128, Digest: SHA1

This matrix shows Different key sizes (128 & 256), Profiles (X.509 and
UsernameToken), Custom headers signing, Encrypting the signature and other
features used for securing the sample app. Even though WSIT provides a much
richer set of Security Profiles, these features represent a good mix of the
commonly used options. And all of these are indeed supported by WSIT as well.

The
Sample Apps Deliverables page
shows the following list of platforms used by
each vendor for their version of Secure Sample App:




















Microsoft
WSE 3.0


IBM
WebSphere V6


Novell
WSSDK 6.1


SAP
NetWeaver 2004s Application Server Java Service

Support Package Stack 7

And Sun's version of Secure Sample App, using WSIT in GlassFish V2, is
interoperable with these.

Thanks to Harsha for porting the

JAX-RPC-based Sample Application
.

Technorati:
burtongroup

burtoncatalyst
ws-i
conf
wsit
glassfish

webservices

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.