Arun Gupta, Miles to go ...
Arun Gupta is a technology enthusiast, a passionate runner, and a community guy who works for Sun Microsystems.
Monday July 02, 2007
WS-I Interop Event Report at Burton Catalyst
 |
As mentioned earlier, Sun Microsystems participated in an interoperability demo showcasing the WS-I Sample Application that supports the Basic Security Profile 1.0 (BSP1.0) at Burton Group's Catalyst Conference 2007 last week. Jiandong reported that the event went smoothly as expected. Microsoft, IBM, Novell and SAP also participated in the event and there were no glitches. |
This version of Sample Application is built using WSIT integrated in GlassFish V2 and we tested interoperability with all the participating vendors. Here is a matrix from Sample Application Security Architecture Document that shows a summary of port-level security requirements for some of the operations:
|
Sender à Receiver |
Operation |
Message |
Message Integrity |
Authenti-cation |
Confident-iality |
Algorithm |
|
Web Client à Retailer |
WC X.509:
Body, |
UNT-user, Cert Auth |
R X.509: Body, Signature |
Key: RSA 1.5, Data: AES 128, Digest: SHA1 |
||
|
Retailer
à |
R X.509: Body, Timestamp |
Cert Auth |
WC X.509: Body, Signature |
Key: RSA 1.5, Data: AES 128, Digest: SHA1 |
||
|
Manufacturer n à Callback n |
SNSubmit |
Mn X.509:
Body, |
Cert Auth |
Wn X.509: Body, Signature |
Key: RSA 1.5, Data: AES 256, Digest: SHA1 |
|
|
Callback n à Manufacturer n |
ackPO |
Wn X.509: Body, Timestamp |
Cert Auth |
None |
Key: RSA 1.5, Digest: SHA1 |
|
|
Web Client à Retailer |
getCatalogWith |
WC X.509: Body, UNT, Timestamp |
UNT-user, Cert Auth |
None |
Key: RSA 1.5, Data: AES 128, Digest: SHA1 |
|
|
Retailer àWeb Client |
getCatalogWith |
R X.509: Body, Timestamp, Attachments |
UNT-user, Cert Auth |
WC X.509. Body, Signature |
Key: RSA 1.5, Data: AES 128, Digest: SHA1 |
|
|
Web Client à Retailer |
getProduct
|
WC X.509: Body, UNT, Timestamp |
UNT-user, Cert Auth |
None |
Key: RSA 1.5, Data: AES 128, Digest: SHA1 |
|
|
Retailer
à |
getProduct |
R X.509: Body, Timestamp, Attachments |
Cert Auth |
WC X.509. Body, Signature |
Key: RSA 1.5, Data: AES 128, Digest: SHA1 |
This matrix shows Different key sizes (128 & 256), Profiles (X.509 and UsernameToken), Custom headers signing, Encrypting the signature and other features used for securing the sample app. Even though WSIT provides a much richer set of Security Profiles, these features represent a good mix of the commonly used options. And all of these are indeed supported by WSIT as well.
The Sample Apps Deliverables page shows the following list of platforms used by each vendor for their version of Secure Sample App:
| Microsoft | WSE 3.0 |
| IBM | WebSphere V6 |
| Novell | WSSDK 6.1 |
| SAP | NetWeaver 2004s Application Server Java Service Support Package Stack 7 |
And Sun's version of Secure Sample App, using WSIT in GlassFish V2, is interoperable with these.
Thanks to Harsha for porting the JAX-RPC-based Sample Application.
Technorati: burtongroup burtoncatalyst ws-i conf wsit glassfish webservices
Posted by Arun Gupta in webservices | Comments[0]
|
|
|
|
|
| |
Hear Sun's Executive Vice President and CTO Greg Papadopoulos and Harold Carr talk about Project Tango in this edition of Sun Net Talk. The talk provides a progress report on Sun and Microsoft legendary partnership announced 3 years ago and is appropriately titled "Sun Delivers Microsoft Interoperability Year 3".
Project Tango provides an implementation of key enterprise Web services specifications, commonly known as WS-*, and integrated in GlassFish V2.
Greg talks about Project Tango on slide 5 starting at 4 min, 38 seconds (4:38). And then Harold provides a detailed overview from slide 13 through 19. Greg calls Project Tango as "the biggest object of our affection" and it truly is :)
After you provide your email, you can download slides as well.
Technorati: sun wsit webservices
Posted by Arun Gupta in webservices | Comments[2]
|
|
|
|
|
| |
This is a personal weblog, I do not speak for my employer.
