• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag
 

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Suggestions for secure web services direction?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Suggestions for secure web services direction?

  • Subject: Suggestions for secure web services direction?
  • From: Allen Cronce <email@hidden>
  • Date: Wed, 28 Sep 2005 08:24:51 -0700
Hi all,

We have an existing web services infrastructure that predates WO's support for web services (which I understand uses Axis under the hood). We're on the verge of extending our services to incorporate new features and I'm trying to determine the best way to proceed. I think that the choices are to a) just extend what we have (probably using Castor to help with the XML validation, marshaling and unmarshaling), b) scrap our older implementation and embrace WO's services support, or c) use some WO-agnostic hybrid of Axis and Castor (ala the IBM article on the subject).

The problem is that our current web services interface requires that the SOAP be digitally signed. Historically we've done this by embedding SOAP in a standard signed XML document. We went with this direction years ago because the signed XML standard was well defined at the time, while signed SOAP was not. In any case, all web services requests and responses consist of a SOAP method riding in a standard SOAP body/envelope, which in turn is embedded in a signed XML dsig element.

I'm concerned that if we go for a WO/Axis approach that we'd have to change our interface. I assume that any SOAP server approach will require us to use actual SOAP back and forth, which means we'd have to move both ourselves and our clients to signed SOAP (ala Oasis) instead of our SOAP in signed XML hybrid.

I think that this is definitely a good long term direction, it might be disruptive short term because all of our clients would have to change in order to support our new services. Of course it would probably be easier for any new customers to use our services since the "SOAP in a dsig" approach is non-standard.

Anyway, I would appreciate the sage advice of anyone who has had experience with web services implementation under WO. Also, any info on support for signed SOAP would be interesting.

Best regards,
--
Allen Cronce
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




    

  • Prev by Date:
java process not executing command

    • 

  • Next by Date:
Re: java process not executing command

    • 

  • Previous by thread:
Re: java process not executing command

    • 

  • Next by thread:
WOCookie value() returns quoted/parenthesized string not string

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •