Open Source Java implementation of WS-Security
OK, it is very raw and when looking at the hard work the WSE team did so far one can hardly believe this project will be ready and available soon ... but it is a starting point for using WS-Security (part of it) in your Java apps without having to rely on IBM'S WSTK/ETTK - but still based on Apache Axis.
axis-wsse.sourceforge.net
Facts:
- BEA, IBM and Microsoft implemented a part or whole WS-Security spec
- dozen developers are asking on dev & user mailing list when the Axis project will implements this standard
- I'm finishing my thesis about web service, session management and authantication and I like to give my open source contribution
first objective:
Implements the ‹UsernameToken› spec (Web Service security UsernameToken Profile - working draft 4, 11 August 2003)
- without password
- clear password
- password digest
- password+nonce+timestamp digest
second objective:
Make some samples about web service operations that use UsernameToken.
ws.microsoft.com is a very small "gym" for start practicing
final destination:
implements all the WS-Security spec