WS-Trust in WSIT

Project Tango is a Sun initiative focused on delivering interoperable Web services technologies. Web Services Interoperability Technology (WSIT) is an open-source implementation of next generation Web services technologies that deliver interoperability between Java EE and .Net to help you build, deploy, and maintain Composite Applications for your Service Oriented Architecture. It is focused on four main categories: Messaging, Metadata, Security, and Quality-of-Service (QoS).

The main standard for security in Web Services is WS-Security. WS-Security introduces the concept of security tokens for encoding secuirty information for the purpose of authentication, auththrization, confidentiality, integrity, etc, of  messages exchanged. It also defines the mechanism of carrying security token with the messages for message level security. WS-Trust is introduced to address the issues when the security tokens are not consumed by the service provider. This is the case, for example, when the Web Service client and the Web Service provider sit in different security domains and have no direct trust relationships. The protocols defined in WS-Trust allow for establishing a Security Token Service as a trust authority for brokering trust among Web Services consumers and Web Services providers.

Project Tango provide a general framework for building a Security Token Service based on any existing authentication, authorization and identity management system. The integration of WS-Trust into WS-Security framework makes it transparent to applications for using Security Token Service on top of WS-Security to secure Web Services.

All the policy elements and configurable parameters for this can be set using the netbeans attributes editor. The editor simplifies to a great extent the otherwise difficult job of writing the wsdl (wsit.xml) and the client side configuration (wsit-client.xml) with correct policies.

It is also a great learning experience to use this combination of Netbeans + glassfish + WSIT for those who want to learn about webservices standards. Download , use , learn and participate in it.

Comments:

So.... is it possible to implement WS-Security/WS-Trust in pre-JavaEE5/WSIT web services?

Posted by scott queen on May 26, 2006 at 02:03 PM IST #

Post a Comment:
  • HTML Syntax: NOT allowed
About

harsha

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today