----- Original Message ----- From: "Jason Essington" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, November 18, 2002 11:48 AM Subject: Re: SOAP over SMTP
> Licenses, especially the open source type confuse me :-/ closed source licenses dont have any incorporation policies so there is simplicity in not being able to do things. Axis uses the BSD 'do what you like' license, GPL mandates open source forever, and the two are not compatible. GPL code cant be brought into the Axis codebase, though there is nothing to stop you adding it on afterwards. > As I am currently the only author of these classes I don't suppose that > would be a problem. not yet... > > > > > Otherwise, when you are ready, come onto axis-dev and start discussing > > it. > > I'd quite like SMTP support where the server could actually poll a POP3 > > mailbox for messages as well as hook into things like James or other > > mail > > systems. If we do it that way you dont need integral SMTP in your web > > service, you just need to configure it to fetch mail from somewhere > > using > > the mailapi. > > > > This is pretty much exactly what I am currently doing. The email > details are handled by the javamail api. An email session (with default > store and transport) is looked up in jndi. > > Really the difficult part about an email transport is > authenticating(and optionally securing) the message. HTTP is easy there > is basic or digest authentication and security can be had by using > HTTPS, but none of this is possible via email (SMTP). So, I have > figured that authentication and security (encryption) could be handled > with the help of the apache XML-Security library. I am still working > out the details, but I think if it is done properly, messages sent via > email could be at least as secure as messages traveling via HTTPS. > > I am curious if their is already an effort to implement XML-Security > into AXIS in a transport agnostic sort of way? The starting place would seem to be the SOAP1.2 SOAP over SMTP spec, and the WS-I stuff on WS-Security. Essentially a SOAP message can be signed and encrypted regardless of transport, and Axis already supports that when built with xml-security. SMTP transport should just hand off those details to axis itself
