This post originated from an RSS feed registered with .NET Buzz by Christian Weyer. Original Post: Open Source Java implementation of WS-Security Feed Title: Christian Weyer: Web Services & .NET Feed URL: http://www.asp.net/err404.htm?aspxerrorpath=/cweyer/Rss.aspx Feed Description: Philosophizing about and criticizing the brave new world ... Latest .NET Buzz Posts Latest .NET Buzz Posts by Christian Weyer Latest Posts From Christian Weyer: Web Services & .NET

OK, it is very raw and when looking at the hard work the WSE team did so far one can hardly believe this project will be ready and available soon ... but it is a starting point for using WS-Security (part of it) in your Java apps without having to rely on IBM'S WSTK/ETTK - but still based on Apache Axis.

axis-wsse.sourceforge.net

Facts:

• BEA, IBM and Microsoft implemented a part or whole WS-Security spec
• dozen developers are asking on dev & user mailing list when the Axis project will implements this standard
• I'm finishing my thesis about web service, session management and authantication and I like to give my open source contribution

first objective:
Implements the ‹UsernameToken› spec (Web Service security UsernameToken Profile - working draft 4, 11 August 2003)

• without password
• clear password
• password digest
• password+nonce+timestamp digest

second objective:
Make some samples about web service operations that use UsernameToken.
ws.microsoft.com is a very small "gym" for start practicing

final destination:
implements all the WS-Security spec