Hi developers, We have a Axis2 and Addressing.mar on Tomcat on JDK 1.5 on OpenVMS - And our Web Service runs in scope="soapsession", which makes long lasting sessions.
We have a .NET .VB .C# WCF 3.5 WS Client communicating through a SOAP-XML over HTTP Protocoll using the ServicegroupId Header to make long lasting sessions in scope="soapsession" possible. All works fine and performat !!! Thanks to Axis2 and WCF 3.5 .NET Now we need to secure the following !!! Username and Password is a part of a login-request-soap-body-element This is no longer allowed to be transmitted un-encrypted in clear text over the network. We could switch to HTTPS/SSL and the game is over !!!! But, we are interessted in using a more WS oriented approach and in learning! Hence in this situation INTEROPERABILITY is our major issue! And a Tools Based Appraoch to reach that fast is another issue! (even time is not a killer, but we want to learn how to make faster progress with Web Services and in particular security) We like to remain with Tomcat and Axis2 running on OpenVMS 8.4 and a JDK 1.5.0 or JDK 6.0. What technology shall we use to encrypt the password in a SOAP-BOADY, maybe we like to have sort of re-authentication after some time-out later in a SOAP-HEADER. We intend to use Rampart with the Axis2-Engine running our WS BUT What do we need on the Client Site to get first the password encrypted (Message Level Security) and later other sensible SOAP-HEADER/BODY-ELEMENTS How do this things fit together? .NET and WS-* (Security) Is there a good article somewhere how to achive that? How could WSIT from SUN (the Metro WS Stack) help us? Does Apache Axis2-Team run or participate on the PLUG-FEST from Microsoft and SUN where participants demonstrate theire interoperability capabilities against defined web-service servers/szenarios? What whould be your approach / response to this Security Based Interoperabiliy Issues? And how can we best make use of NetBeans (anything that supports us) Thank'sfull for a Hint Josef
