In .-1 I am asking some questions regarding interoperability of security: WSS10 and WSS11, WS-Security, WS-TRUST etc. (WS-*).

Part of the potential answers are shown below. Now I would like to know from Axis2 / Rampart experts the map from the WCF WS-Security models indicated below (supported by example code) to Axis2 / Rampart models: "In particular, which MS approach shall I take to match a possible Axis2 WS-Security approach/policy/implementation?"

I must be able to encrypt the password for transport to the server; there I need access to the clear text password for login at the server's legacy part using the OpenVMS UAF (user authentication/authorization facility). That's it. So, which model supports what I want?

I.e. the Message Security with username Client example shows how to make the service authenticate toward the client with an X509 certificate (not what I need), while the client sends the password encrypted (guess it is what I need), but can I have it without the X509 stuff from the server?

Josef

Good references at MS MSDN; the following was taken from
http://msdn.microsoft.com/en-us/library/ms730301.aspx

Common Security Scenarios

The topics in this section catalog a number of possible client and service security configurations. Configurations vary according to a number of factors. For example, whether a service or client is on an intranet, or whether the security is provided by Windows or transport (such as HTTPS).

In This Section

Internet Unsecured Client and Service <http://msdn.microsoft.com/en-us/library/ms733091.aspx>
    An example of a public, unsecured client and service.

Intranet Unsecured Client and Service <http://msdn.microsoft.com/en-us/library/ms734784.aspx>
    A basic Windows Communication Foundation (WCF) service developed to provide information on a secure private network to a WCF application.

Transport Security with Basic Authentication <http://msdn.microsoft.com/en-us/library/ms733775.aspx>
    The application allows clients to log on using custom authentication.

Transport Security with Windows Authentication <http://msdn.microsoft.com/en-us/library/ms733089.aspx>
    Shows a client and service secured by Windows security.

Transport Security with an Anonymous Client <http://msdn.microsoft.com/en-us/library/ms729789.aspx>
    This scenario uses transport security (such as HTTPS) to ensure confidentiality and integrity.

Transport Security with Certificate Authentication <http://msdn.microsoft.com/en-us/library/ms731074.aspx>
    Shows a client and service secured by a certificate.

Message Security with an Anonymous Client <http://msdn.microsoft.com/en-us/library/ms733938.aspx>
    Shows a client and service secured by WCF message security.

Message Security with a User Name Client <http://msdn.microsoft.com/en-us/library/ms731058.aspx>
    The client is a Windows Forms application that allows clients to log on using a domain user name and password.

Message Security with a Certificate Client <http://msdn.microsoft.com/en-us/library/ms733098.aspx>
    Servers have certificates, and each client has a certificate. A security context is established through Transport Layer Security (TLS) negotiation.

Message Security with a Windows Client <http://msdn.microsoft.com/en-us/library/ms729709.aspx>
    A variation of the certificate client. Servers have certificates, and each client has a certificate. A security context is established through TLS negotiation.

Message Security with a Windows Client without Credential Negotiation <http://msdn.microsoft.com/en-us/library/ms735117.aspx>
    Shows a client and service secured by a Kerberos domain.

Message Security with Mutual Certificates <http://msdn.microsoft.com/en-us/library/ms733102.aspx>
    Servers have certificates, and each client has a certificate. The server certificate is distributed with the application and is available out of band.

Message Security with Issued Tokens <http://msdn.microsoft.com/en-us/library/ms789013.aspx>
    Federated security that enables the establishment of trust between independent domains.

Trusted Subsystem <http://msdn.microsoft.com/en-us/library/ms730288.aspx>
    A client accesses one or more Web services that are distributed across a network. The Web services access additional resources (such as databases or other Web services) that must be secured.

Reference

System.ServiceModel <http://msdn.microsoft.com/en-us/library/system.servicemodel.aspx>

Related Sections

Authorization <http://msdn.microsoft.com/en-us/library/ms733071.aspx>
Security Overview <http://msdn.microsoft.com/en-us/library/ms735093.aspx>
Windows Communication Foundation Security <http://msdn.microsoft.com/en-us/library/ms732362.aspx>
Bindings and Security <http://msdn.microsoft.com/en-us/library/ms731172.aspx>
Securing Services and Clients <http://msdn.microsoft.com/en-us/library/ms734736.aspx>
Authentication <http://msdn.microsoft.com/en-us/library/ms733082.aspx>
Authorization <http://msdn.microsoft.com/en-us/library/ms733071.aspx>
Federation and Issued Tokens <http://msdn.microsoft.com/en-us/library/ms731161.aspx>
Auditing Security Events <http://msdn.microsoft.com/en-us/library/ms731669.aspx>

See Also

Concepts
Security Guidance and Best Practices <http://msdn.microsoft.com/en-us/library/ms731983.aspx>

From: Stadelmann Josef [mailto:josef.stadelm...@axa-winterthur.ch]
Sent: Monday, 4 October 2010 12:09
To: axis-u...@ws.apache.org
Subject: [axis2-1.2 SV & MS .NET WCF 3.5 CL] Password encryption in a heterogeneous environment

Hi all,

has someone come along with the following and gained experience in a heterogeneous environment on the following topics:

a) How to set up / pass along in a SOAP header or body / encrypt-decrypt passwords
b) Encrypt at my MS Windows VISTA .NET WCF 3.5 client
c) Decrypt the password and get clear text at my Axis2-1.2 or Axis2-1.5.1 Web Service server or service
d) Then use the password in clear text at the server to log in against the OpenVMS User Authentication Facility (UAF)

Any hints welcome. Rampart would be fine, but what shall I use on the Vista WCF 3.5 side? Is there a WSDL fragment available to generate code for the .NET WCF 3.5 PC client to encrypt a password, and what would be the counterpart at the Axis2 web service engine side?

Josef