December 2003 - Posts
Sorry for my readers interested solely in technology, this time I have a quite unusal post here:
Who knows where Chris Dix is? Unfortunately, he does not respond to any emails for months now ... we have been in contact for a very, very, very exciting project. And maybe you out there can imagine the power of some few tools when they are ready and in your hand ...
Last thing I know is that he had to move due to a job change.
Please Chris - wave your hand!
Yet another Java open source WS-Security implementation: WSS4J
WSS4J is a Java library that can be used to sign and verify SOAP Messages with WS-Security information. WSS4J will use Apache Axis and Apache XML-Security projects and will be interoperable with JAX-RPC based server/clients and .NET server/clients.
Davanum Srinivas left a comment in my last post:
It's far ahead in terms of WS-Security UserNameToken Profile and X509 Profile (code and sample is in WSS4J's CVS).
Check it out, you Java geeks.
The Apache group is working on the next major release of the open source Java Web services libraries called Axis. You can download version 1.2 alpha from their server.
Axis 1.1 has proven itself to be a reliable and stable base on which to implement Java Web Services. There is a very active user community and there a many companies who use Axis for Web Service support in their products.
For Axis 1.2, we are focusing on our document/literal support to better address the WS-I Basic Profile 1.0 and JAX-RPC 1.1 specifications. And we are fixing as many bug as possible.
OK, it is very raw and when looking at the hard work the WSE team did so far one can hardly believe this project will be ready and available soon ... but it is a starting point for using WS-Security (part of it) in your Java apps without having to rely on IBM'S WSTK/ETTK - but still based on Apache Axis.
axis-wsse.sourceforge.net
Facts:
- BEA, IBM and Microsoft implemented a part or whole WS-Security spec
- dozen developers are asking on dev & user mailing list when the Axis project will implements this standard
- I'm finishing my thesis about web service, session management and authantication and I like to give my open source contribution
first objective:
Implements the ‹UsernameToken› spec (Web Service security UsernameToken Profile - working draft 4, 11 August 2003)
- without password
- clear password
- password digest
- password+nonce+timestamp digest
second objective:
Make some samples about web service operations that use UsernameToken.
ws.microsoft.com is a very small "gym" for start practicing
final destination:
implements all the WS-Security spec
Kevin works
hard on getting his
WSE MSMQ channel ready and working for the release of WSE 2.0. And obviously
Hervey seems to like his work so far.
Now that *is good* news, definitely. We surely need an asynchronous messaging mechanism in a Web services environment like WSE to enable a bunch of use cases in a SOA. And
Indigo will be prepared, for sure.
The WS-I.org published a demo application showing Web services interoperability between different vendors.
A first draft of the WS-I Sample Application is now available. Sample web service implementations from ten vendors and on a variety of platforms may be downloaded for review. These drafts have been submitted for approval by the WS-I Board, and are currently in their final review cycle.
If you like to see this Supply Chain Sample Applications demo, check out the WS-I.org website. Companies participating include BEA Systems, Bowstreet, Corillian, IBM, Microsoft, Novell, Oracle, Quovadx, SAP, and Sun Microsystems.
New version 1.2 of IBM's Emerging Technology Toolkit (ETTK, which hosts the WSTK, Web services Toolkit) now contains support for Service Data Objects (SDO), Policy-Based IT Management Demo, Semantic Web Services, Autonomic Computing Toolset, WS-Manageability demo, WS-Trust, WS-Addressing, Web Services Failure Recovery, and Service Domain technology.
Did you ever ask yourself "How do I build a Service Oriented Architecture (SOA) with .NET?" Today there seems no clear answer to that question. Project Shadowfax just exists to answer this very question at a practical level.
Microsoft just released an early version of ShadowFax. Ron Jacobs is the lead of this project which is available in a M0.1 Pre-Alpha Source Code build. They are building it because customers are asking for it. Market analysts are predicting that by 2006 SOA will be mainstream in most large enterprises. Customers have been asking for guidance about how to implement SOA using the existing products and platform. If Microsoft doesn't provide this type of guidance, many customers will simply have to learn by trial and error how to be successful with SOA.
Shadowfax is a reference solution for building service oriented architecture with the .NET Framework. It includes 3 main pieces
- A reusable framework which consists of full source code and reference documentation
- A reference implementation consisting of several use cases from a fictional bank
- An architecture guide which defines what we believe the key elements of SOA to be
What about the relationship between Indigo and ShadowFax? Here is the answer from one of the team members:
Generally we regularly review Indigo and other upcoming technologies from MS that will help support implementing SOA systems. We're in the fortunate position of being able to review their plans long before public announcements, so it makes it easier to think about them early.
The Indigo technologies are on a later timeline then the Shadowfax project, so we won't be able to use Indigo technologies in Shadowfax. However, with Shadowfax we're trying to be consistent conceptually with future technologies while at the same time showing you how to do effective SOA with our existing technologies.
If you are interested in playing with ShadowFax be sure to check out the How-To samples.
More Posts