On 9/16/07, Venkata Krishnan <[EMAIL PROTECTED]> wrote: > > Hi, > > The axis2 ws binding has an itest that exercises the 'confidentialy policy > intent' which is realized by encrypting the parts of the soap xml. Though > we are just about using Rampart, WSS4J, under the covers there seems to be > bouncycastle's classes doing the work. In the past there had been some > discussions on some patents that are included in some of the algos (IDEA) > in > bouncycastle, which SimonLaws thankfully pointed out. > > With the Release 1.0 preparations underway I had sought to clear up the > legal implications on 'general' list ( > http://www.mail-archive.com/[EMAIL PROTECTED]/msg15109.html) > and > to me its seems like it would take a while to arrive on a way out. > > Given the fact that we are targeting this week for our release I'd like to > exclude bouncycastle from our release distros. This means the following > in > the binding-ws-axis2 module : - > - exclusion of bouncycastle downstream dependency from rampart.mar > - exclusion of the unit test that exercises the 'confidentiality' intent ( > > org.apache.tuscany.sca.binding.ws.axis2.itests.policy.WSSecurityConfidentialityTestCase > ) > > However, users wishing to try out the'confidentiality' intent can do so by > directly downloading bouncycastle-bcprov-jdk15-* jars themselves and > setting > it into the classpath. > > I have made these changes to the Rel 1.0 branch. > > I will also go and update this information in the ReleaseNotes and FAQ. > > Thanks > > - Venkat >
That seems like a good approach for now, thanks for sorting it out. ...ant
