+1 to shipping something that works globally out of the box - 128. +1 to documenting the simple procedure to update that to 256-bit.
Jonathan Marsh - http://www.wso2.com - http://auburnmarshes.spaces.live.com > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Keith Chapman > Sent: Friday, July 11, 2008 8:46 AM > To: mashup-dev > Subject: [Mashup-dev] Security scenarios integrated to the Mashup > Server > > Hi all, > > I've integrated security capabilities to the Mashup Server. This allows > uses to secure there Mashups using a set of most commonly Used security > policies as well as access these mashups with ease. These security > policies include, > > 1. Username Token authentication over HTTPS > 2. Sign only - X509 Authentication > 3. Sign and encrypt - X509 Authentication > 4. Sign only - Anonymous clients > 5. Encrypt only - Anonymous clients > 6. Sign and Encrypt - Anonymous clients > 7. Encrypt only - Username Token Authentication > 8. Sign and Encrypt - Username Token Authentication > 9. SecureConversation - Sign only - Service as STS - Bootstrap > policy - Sign and Encrypt , X509 Authentication > 10. SecureConversation - Encrypt only - Service as STS - Bootstrap > policy - Sign and Encrypt , X509 Authentication > 11. SecureConversation - Sign and Encrypt - Service as STS - > Bootstrap policy - Sign and Encrypt , X509 Authentication > 12. SecureConversation - Sign Only - Service as STS - Bootstrap > policy - Sign and Encrypt , Anonymous clients > 13. SecureConversation - Encrypt Only - Service as STS - Bootstrap > policy - Sign and Encrypt , Anonymous clients > 14. SecureConversation - Encrypt Only - Service as STS - Bootstrap > policy - Sign and Encrypt , Username Token Authentication > 15. SecureConversation - Sign and Encrypt - Service as STS - > Bootstrap policy - Sign and Encrypt , Username Token Authentication > > > I have used the default security scenarios that WSAS ships with. The > security scenarios there need provision for unlimited security > jurisdiction. Hence will not work out of the box. I can make it work > out > of the box by reducing the keysize to 128 instead of 256 (These are > just > policy files so if a user wants to use greater security he can set it > to > 256). > > WDYT? I inclined to changing the security policies to use a keysize of > 128. > > NOTE: Some of the scenarios listed above need provision for unlimited > security jurisdiction. This will basically be couple of Jar files, > which > will be available at Java Cryptography Extension (JCE) Unlimited > Strength Jurisdiction Policy Files. Download jce_policy-x_y_z.zip > (relevant to your JDK version) and extract the jar files > local_policy.jar and US_export_policy.jar to > $JAVA_HOME/jre/lib/security. > > Thanks, > Keith. > > _______________________________________________ > Mashup-dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/mashup-dev _______________________________________________ Mashup-dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/mashup-dev
