Updated: WS-Security Interop with Sun JWSDP 1.5


A few people have asked where the update is for WS-Security interop between WSE 2.0 and Sun’s JWSDP 1.5, which I mentioned in this post.  For those who are looking for this, I’ve uploaded the code to here.  Updated document will be on MSDN shortly…

Comments (6)

  1. Simon says:

    Rajesh – sorry I’ve been having some troubles with the ISP. Try now. Thanks.

  2. I think WS-Secure Conversation is the best tool for me to use in my service, but I can’t find any resources on the internet to tell me if any toolkit besides WSE 2.0 is secure conversation enabled (it doesn’t appear in JWSDP 1.5 doc either). Any thoughts ?

    Thanks in advance

    François Lemaire

  3. Simon says:

    I don’t know of any other toolkit apart from WSE that has a shipping implementation of WS-SecureConversation. I would be pleased to be proven wrong though!

  4. Thanks for your answer, I haven’t found anything and for the time being, I gave up. I’ll wait until the next release of JWSDP or perhaps the first release of WSS4J… I have another question related to this one : it seems like JWSDP 1.5 can sign requests only with a X509 certificate, and not with a Username Token (under the Sign tag in the security config file, you can only put Targets and an X509Token tag). Is that true ? If true, is there a workaround ? It’s such a pain to manage certificates, and I don’t need the added security they provide…

    Thanks in advance

    François Lemaire

  5. Simon says:

    Francois, interoperable signing with UsernameTokens is currently unsupported by many implementations. The WS-I BSP (Basic Security Profile) to help provide clarity in this area, which will in turn (I believe) produce momentum in this area.