TAVERNA-1031: Export restrictions for Taverna Server
Project: http://git-wip-us.apache.org/repos/asf/incubator-taverna-server/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-taverna-server/commit/810f8e31 Tree: http://git-wip-us.apache.org/repos/asf/incubator-taverna-server/tree/810f8e31 Diff: http://git-wip-us.apache.org/repos/asf/incubator-taverna-server/diff/810f8e31 Branch: refs/heads/master Commit: 810f8e31c49ae2d6e7c6f8cf674d334913ceea50 Parents: 49aed24 Author: Stian Soiland-Reyes <[email protected]> Authored: Fri Jan 12 18:28:54 2018 +0000 Committer: Stian Soiland-Reyes <[email protected]> Committed: Fri Jan 12 18:28:54 2018 +0000 ---------------------------------------------------------------------- README.md | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 55 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-taverna-server/blob/810f8e31/README.md ---------------------------------------------------------------------- diff --git a/README.md b/README.md index 0476ca9..64a0752 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ # Apache Taverna Server (incubating) REST/WSDL web service for executing -[Apache Taverna](http://taverna.incubator.apache.org/) (incubating) +[Apache Taverna](https://taverna.incubator.apache.org/) (incubating) workflows. @@ -42,7 +42,7 @@ details about embedded third-party libraries and source code. # Contribute Please subscribe to and contact the -[dev@taverna](http://taverna.incubator.apache.org/community/lists#dev) mailing list +[dev@taverna](https://taverna.incubator.apache.org/community/lists#dev) mailing list for any questions, suggestions and discussions about Apache Taverna. @@ -335,3 +335,56 @@ appear at within Tomcat (e.g., if you want it to be deployed at Taverna Server should then become available at the equivalent of http://localhost:8080/taverna-server/ + +# Export restrictions + +This distribution includes cryptographic software. +The country in which you currently reside may have restrictions +on the import, possession, use, and/or re-export to another country, +of encryption software. BEFORE using any encryption software, +please check your country's laws, regulations and policies +concerning the import, possession, or use, and re-export of +encryption software, to see if this is permitted. +See <http://www.wassenaar.org/> for more information. + +The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), +has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, +which includes information security software using or performing +cryptographic functions with asymmetric algorithms. +The form and manner of this Apache Software Foundation distribution makes +it eligible for export under the License Exception +ENC Technology Software Unrestricted (TSU) exception +(see the BIS Export Administration Regulations, Section 740.13) +for both object code and source code. + +The following provides more details on the included cryptographic software: + +* Taverna Server's `CertificateChainFetcher` uses + [Java Secure Socket Extension](https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html) + (JSS) to pre-fetch certificates of SSL-secured web services accessed by Taverna workflows. +* Taverna Server's support for propagating username/password credentials in + `SecurityContextFactory` relies on + [BouncyCastle](https://www.bouncycastle.org/) bcprov encryption library and + [Java Cryptography Extension](http://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html) + (JCE) to generate a keystore for Taverna Command-line tool. + The [JCE Unlimited Strength Jurisdiction Policy](http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html) + may need to be installed separately. +* Taverna Server may interact with the credential manager support in + [Apache Taverna Command-line Tool](https://taverna.incubator.apache.org/download/commandline/) + to provide a keystore of client credentials and trusted certificates for SSL-secured web services. +* After building, the + `taverna-server-webapp/target/taverna-server.war` will include + dependencies that are covered + by export restrictions, including: + [BouncyCastle](https://www.bouncycastle.org/) bcprov encryption library, + [Apache HttpComponents](https://hc.apache.org/) Core and Client, + [Apache Derby](http://db.apache.org/derby/), + [Jetty](http://www.eclipse.org/jetty/), + [Apache WSS4J](https://ws.apache.org/wss4j/), + [Apache XML Security for Java](https://santuario.apache.org/javaindex.html), + [Open SAML Java](https://shibboleth.net/products/opensaml-java.html), + [Apache Taverna Language](https://taverna.incubator.apache.org/download/language/), + [Apache Taverna OSGi](https://taverna.incubator.apache.org/download/osgi/), + [Apache Taverna Engine](https://taverna.incubator.apache.org/download/engine/), + [Apache Taverna Common Activities](https://taverna.incubator.apache.org/download/common-activities/), + and [Apache Taverna Command-line Tool](https://taverna.incubator.apache.org/download/commandline/).
