Tuesday Nov 21, 2006
Wednesday Nov 15, 2006
By narayanaa on Nov 15, 2006
Due to vendor agreement and some diligent work in standards organizations such as OASIS and the W3C. Mature specifications have emerged and have become (or are now on their way to becoming) standards. As a
result, many standards-based Web service security toolkits and
implementations have been shipped that allow developers to build solutions quickly.
Now that there are accepted standards -
such as WS-Security and its associated token profiles used for identity
propagation (WS-Security SAML Token Profile, WS-Security X.509 Token
Profile, WS-Security Username Token Profile) - as well as emerging
specifications in standards bodies (WS-SecureConversation, etc.), there
should no longer be any reason to create a home-grown security
messaging syntax. Certainly, you must be able to understand the purpose and use of these standards and specifications in order to meet your security requirements. In addition to the problems that you will have down the
road involving lack of interoperability with other systems, any
nonstandard solution created by wannabe cryptographers will most likely have security vulnerabilities that could come back to haunt you in very ugly ways.
We have standards for a reason - embrace them.
I was part of Sun R&D in Java CAPS and later Glassfish ESB. I moved from R&D to Consulting. I am currently working as a Solution Architect in Oracle Consulting Services (India). I was sharing my experience w.r.t. Java CAPS and other technologies during Sun period. Now in Oracle world I share my experiences with Oracle FMW product line as well as other Oracle Technologies and products.
- Living out of Oracle Unbreakable Linux on your laptop!
- GlassFish Cluster Installation Tips
- Glassfish Update Tool on MAC OS
- Running Open MQ with Java CAPS Server and accessing the same in eManager
- Glassfish Startup problem -- /etc/hosts entry
- Java CAPS tip on Open Solaris
- Day 2: Sun Tech Days - Hyderabad
- Sun Tech days Day 1 at Hyderabad
- Glassfish Portfolio Announced