osdir.com
mailing list archive

Subject: Re: WS-Security Support - msg#00047

List: php.nusoap.general

Date: Prev Next Index Thread: Prev Next Index
NuSOAP does not support WS-Security. It would be a large enough undertaking
that I don't imagine full WS-Security support any time soon, although there is
the possibility of a subset, such as signing, being implemented.

To my knowledge, there is no truly similar security spec for SOAP. WS-Security
will become the standard, although many sites will not support it now. I think
MSFT still pacakges WS-Security with Web Services Enhancements, so WS-Security
is not part of the standard .NET libraries. WSE only runs on .NET 2.0.
Therefore, sites using .NET 1.1 or which are suspicious of anything not in the
standard .NET libraries will not be supporting WS-Security right now.
Likewise, folks using NuSOAP, SOAP::Lite, gSOAP, or a number of Java products
will not have WS-Security available to them.

I would say the best supported and most common bi-directional Web services
security mechanism in place is SSL with client certificates. This provides
identification of both client and server, with encryption to protect message
contents.

Scott Nichol

Do not send e-mail directly to this e-mail address,
because it is filtered to accept only mail from
specific mail lists.
----- Original Message -----
From: "Jeraimee Hughes" <jhughes@xxxxxxxxxxx>
To: <nusoap-general@xxxxxxxxxxxxxxxxxxxxx>
Sent: Monday, May 23, 2005 11:49 AM
Subject: [Nusoap-general] WS-Security Support


> I'm just learning about the WS-Security specification(s) and I'm
> hoping to use NuSOAP for my new services but the word from above is
> that I must support either WS-Security or another similar security
> method.
>
> Any advice, hints, etc. for using NuSOAP in this way?
>
> ---
> Jeraimee Hughes
> Director of System Architecture
> Revelex, Inc.
> 561.988.5588
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by Oracle Space Sweepstakes
> Want to be the first software developer in space?
> Enter now for the Oracle Space Sweepstakes!
> http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click
> _______________________________________________
> Nusoap-general mailing list
> Nusoap-general@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/nusoap-general
>


-------------------------------------------------------
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_idt12&alloc_id344&op=click


Was this page helpful?
Yes No
Thread at a glance:

Previous Message by Date: click to view message preview

WS-Security Support

I'm just learning about the WS-Security specification(s) and I'm hoping to use NuSOAP for my new services but the word from above is that I must support either WS-Security or another similar security method. Any advice, hints, etc. for using NuSOAP in this way? --- Jeraimee Hughes Director of System Architecture Revelex, Inc. 561.988.5588 ------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click

Next Message by Date: click to view message preview

RE: NuSoap and Soap Digital Signature support

Huuummm Paul, I don't know if you understood the issue behind my question... Nevertheless I was referring to this: http://www.w3.org/TR/2001/NOTE-SOAP-dsig-20010206/ There is other issue... Digital signature and encryption are two different things... While the first ensures authentication and non-repudiation, the second offers privacy. There may be the need just to sign the SOAP message, whiteout ciphering the message itself. Ok but this is not the issue. The issue is that I'm trying to build something like the recommendation in the above URL and I wanted to know if someone has tried to do it with Nusoap. Best regards, Carlos Serrão ISCTE/DCTI Lecturer, Adetti Vice-President, PhD Student Email: carlos.serrao@xxxxxxxx Adetti / ISCTE / DCTI Ed. ISCTE - Av. Das Forças Armadas, Lisboa 1600-082, LISBOA, PORTUGAL Tel: + 351 217 826 480 / + 351 217 903 989 Fax: + 351 217 826 488 http://www.iscte.pt http://www.adetti.pt http://www.carlosserrao.net http://drm.carlosserrao.net http://php.carlosserrao.net > -----Original Message----- > From: Paul Reinheimer [mailto:preinheimer@xxxxxxxxx] > Sent: domingo, 22 de Maio de 2005 14:34 > To: carlos.j.serrao@xxxxxxxxx > Subject: Re: [Nusoap-general] NuSoap and Soap Digital > Signature support > > Hi, > > Unfortunatly I don't know the answer to your question, but > you've piqued my interest! What API requires that you > digitally sign your requests? It seems like an ... odd > choice, if the API is going to require the user to process > the entire message, why not just encrypt it? They present > comparable levels of CPU load, and the message is only > destined for a single recipiant. > > You can grab the entire request with: $soapclient->request I > think that will work even before you send it. However you > will probably need to do some processing there, since you > only want to digitally sign the body (You can't digitally > sign the entire request, since you seek to put the signature > in the soap header). If this is for an API you are designing > I would suggest moving the signature to the HTTP header, that > way it can be calculated on both ends without any > pre-processing, and can guarantee that the entire request has > remained unchanged. > > > paul > > > > > On 5/20/05, Carlos Serrao <carlos.j.serrao@xxxxxxxxx> wrote: > > > > Hi all, > > is it possible to use NuSoap to generate a digitally signed > SOAP message? > > > > I think there is the possibility to modify a SOAP header to include > > the digital signature... any idea if this is the way to go? > > > > Best regards and thanks for the help. > > > > > > > > > > Carlos Serrão > > ISCTE/DCTI Lecturer, Adetti Vice-President, PhD Student > > Email: carlos.serrao@xxxxxxxx > > > > Adetti / ISCTE / DCTI > > Ed. ISCTE - Av. Das Forças Armadas, Lisboa 1600-082, > LISBOA, PORTUGAL > > Tel: + 351 217 826 480 / + 351 217 903 989 Fax: + 351 217 826 488 > > http://www.iscte.pt http://www.adetti.pt > http://www.carlosserrao.net > > http://drm.carlosserrao.net http://php.carlosserrao.net > > > > > > > > > -- > Paul Reinheimer > Zend Certified Engineer > ------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_idt12&alloc_id344&op=click

Previous Message by Thread: click to view message preview

WS-Security Support

I'm just learning about the WS-Security specification(s) and I'm hoping to use NuSOAP for my new services but the word from above is that I must support either WS-Security or another similar security method. Any advice, hints, etc. for using NuSOAP in this way? --- Jeraimee Hughes Director of System Architecture Revelex, Inc. 561.988.5588 ------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click

Next Message by Thread: click to view message preview

SOAP Headers

HI all, I'm sending a specific header with a SOAP message to a web-service: <?php /* TODO: Add code here */ require_once('lib/nusoap.php'); $parameters = array( "param1" => "uma coisa qq 1", "param2" => "uma coisa qq 2", ); $soapclient = new soapclient('http://localhost/WS/ws.php'); $soapclient->setHeaders("<xpto>isto é um header</xpto>"); $result = $soapclient->call('testMsg', $parameters); echo '<xmp>'.$soapclient->request.'</xmp>'; echo "ANSWER:"; echo '<xmp>'.$soapclient->response.'</xmp>'; ?> I'm using the setHeader function... How do i access the soap header on the web-service side???? <?php /* TODO: Add code here */ require_once('lib/nusoap.php'); $NAMESPACE = "http://www.adetti.pt/opensdrmws"; $ws = new soap_server(); $ws->debug_flag=false; $ws->configureWSDL('opensdrmws', $NAMESPACE); $ws->wsdl->schemaTargetNamespace = $NAMESPACE; // Registration of the services provided $ws->register('testMsg', array('param1' => 'xsd:string', 'param2' => 'xsd:string'), array('result_message' => 'xsd:string'), $NAMESPACE); //$header = $ws->headers; function testMsg($param1, $param2) { //>>> HERE I WOULD LIKE TO ACCESS THE HEADER >>>> return "+OK"; } // termina o web-service $ws->service($HTTP_RAW_POST_DATA); exit(); ?> Can you help me? Best regards, Carlos Serrão ISCTE/DCTI Lecturer, Adetti Vice-President, PhD Student Email: carlos.serrao@xxxxxxxx <mailto:carlos.serrao@xxxxxxxx> Adetti / ISCTE / DCTI Ed. ISCTE - Av. Das Forças Armadas, Lisboa 1600-082, LISBOA, PORTUGAL Tel: + 351 217 826 480 / + 351 217 903 989 Fax: + 351 217 826 488 http://www.iscte.pt <http://www.iscte.pt/> http://www.adetti.pt <http://www.adetti.pt/> http://www.carlosserrao.net <http://www.carlosserrao.net/> http://drm.carlosserrao.net <http://drm.carlosserrao.net/> http://php.carlosserrao.net <http://php.carlosserrao.net/> ------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_idt12&alloc_id344&op=click
Loading Comments...
Home | News | Patents | Sitemap | FAQ | advertise

Advertising by