[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

WebService and UsernameToken encryption



   Hi,

   i'm trying to connect to a webservice that uses ssl and usernametoken
   encryption (Oasis standard).

   [1]http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-to
   ken-profile-1.0.pdf


   My argument is that we do not need both ssl and usernametoken
   encryption, and that ssl gives the requiered security.

   Any thoughts about this?


   If this usernametoken encryption is needed, how can we implement it
   with httpapi?


   There is a project at Apache that implements Oasis WebService Security
   [2]http://ws.apache.org/wss4j/

   Any thoughts about implementing wss4j with httpapi?


   Best regards,

   Magne

References

   1. http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf
   2. http://ws.apache.org/wss4j/
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------