Hi, The axis2 ws binding has an itest that exercises the 'confidentialy policy intent' which is realized by encrypting the parts of the soap xml. Though we are just about using Rampart, WSS4J, under the covers there seems to be bouncycastle's classes doing the work. In the past there had been some discussions on some patents that are included in some of the algos (IDEA) in bouncycastle, which SimonLaws thankfully pointed out.
With the Release 1.0 preparations underway I had sought to clear up the legal implications on 'general' list ( http://www.mail-archive.com/[EMAIL PROTECTED]/msg15109.html) and to me its seems like it would take a while to arrive on a way out. Given the fact that we are targeting this week for our release I'd like to exclude bouncycastle from our release distros. This means the following in the binding-ws-axis2 module : - - exclusion of bouncycastle downstream dependency from rampart.mar - exclusion of the unit test that exercises the 'confidentiality' intent ( org.apache.tuscany.sca.binding.ws.axis2.itests.policy.WSSecurityConfidentialityTestCase ) However, users wishing to try out the'confidentiality' intent can do so by directly downloading bouncycastle-bcprov-jdk15-* jars themselves and setting it into the classpath. I have made these changes to the Rel 1.0 branch. I will also go and update this information in the ReleaseNotes and FAQ. Thanks - Venkat
