• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

AXIS Security Transaction (Highest Protection)

 
Stan Sokolov
Ranch Hand
Posts: 120
Hibernate IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I want to implement the following security transaction using AXIS
Is it possible? If it is not Why ?
1.Clients creates a messages that is a parameter of the webservice call.
2.Client encrypts payload of message using server public key .
3.Clients add to message digital signature using X.509 managed certificate. (It is should be performed automatically to all outgoing clients messages)
4.Client establishes security SSL connection to the server.
5.Client calls appropriate webservice using HTTPS.
6.Server checks digital signature of input message. (It is should be performed automatically to all ingoing server messages)
7.Server decrypts payload of the message using server private key.
8.Server processes the message and creates replay message.
9.Server encrypts message using own private key.
10.Server attaches digital signature to the message.(It is should be performed automatically to all outgoing server messages)
11.Server returns response message back to the client.
12.Client checks server digital signature.(It is should be performed automatically to all ingoing clients messages)
13.Client decrypts payload of the message using server public key.
Scenario above represents the highest level of the security protection. It assumes that messages are protected by set of security keys.
1.Digital signature to authenticate server when establish SSL connection.
2.Digital signature to authenticate client when establish SSL connection
3.Asymmetric key's pair to encrypt SSL traffic between client and server.
4.Digital signature to be added to all outgoing messages on the client side
5.Digital signature to be added to all outgoing messages on the server side
6.Asymmetric key's pair to encrypt encrypt/decrypt payload of the messages.
Sorry. It is probably too long. If somebody has implemented something similar in practise?
 
Gareth Western
Ranch Hand
Posts: 45
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This isn't a direct answer to your question, sorry, but have you looked at the Apache WSS4J project?
http://ws.apache.org/ws-fx/wss4j/
 
Balaji Loganathan
author and deputy
Bartender
Posts: 3150
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm not sure but you can whether this book is covering your task or not.
 
Stan Sokolov
Ranch Hand
Posts: 120
Hibernate IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
About http://ws.apache.org/ws-fx/wss4j/
I have impression that this project is in the begining stage now. At least I didn't find files that are available for download (http://ws.apache.org/mirrors.cgi)
Correct me if I was wrong
 
Stan Sokolov
Ranch Hand
Posts: 120
Hibernate IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Couple of words regarding the book. From the begining thank you for the advice. I followed the link and found some positive and negative feed-backs. They should help me to make a desicion. It is always difficult to state the value of the book without reading couple of articles. I will have a look at this book in the bookstore. Thank you. Most of all I am intrested in some practical scenarios. Because from the theoretical standpoint there is complex of solutions but not all of these solutions probably match to my production environment that defintilty has perfomance and security constraints.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic