Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.0 M1
    • Component/s: Core
    • Labels:
      None

      Description

      WS-Security support is one the most requested features for Spring-WS. While implementing this new feature, we should focus on the features included in WS-I's Basic Security profile.

      Since Spring already has an excellent security framework in the form of Acegi, it seems best to leverage it. Furthermore, we can probably use Apache's WSS4J framework to handle the message.

      Some links:
      SOAP Message Security 1.0 Specification: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf
      Username Token profile V1.0: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf
      X.509 Token Profile V1.0: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf
      WS-I Basic Security Profile: http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html
      Apache's WSS4J: http://ws.apache.org/wss4j/

        Attachments

          Activity

            People

            • Assignee:
              arjen.poutsma Arjen Poutsma
              Reporter:
              arjen.poutsma Arjen Poutsma
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: