> - not possible to extend WS-SP declaration to use new AlgorithmSuite It is possible to do this, see here for more information:
http://coheigea.blogspot.com/2011/09/specifying-custom-algorithmsuite.html Colm. On Sat, Jan 21, 2012 at 9:06 PM, Dmitriev Vadim <[email protected]> wrote: > Hi! > > I'm implementing web service with the following special requirements: > 1. login/password for user authentication; > 2. GOST 34.10-2001/34.11 [1] algorithms should be used for signature > computation (signature is optional; configured on per user basis from fig. > 1) > > I considered using WS-SecurityPolicy or WS-Security directly, but there are > pros in both cases: > 1. WS-SP: > - easy to make signature optional with wsp:optional attribute; > - not possible to extend WS-SP declaration to use new AlgorithmSuite > (GOST); > 2. WS-S: > - CXF has extension point to define new AlgorithmSuite; > - impossible to configure WSS4JInInterceptor to treat signature as optional > (extending WSS4JInInterceptor may be a solution); > > May it be that I missed some way to extend WS-SP to declare new > AlgorithmSuite? Or does this spec permit to use only predefined algorithms > declared in [2]? > Or is there a better way to meet my requirements? > > WS-S and WS-SP are pretty complex specs to learn in just a few days. I will > be thankful for any insight. > > Regards. > -- Vadim > > [1] http://en.wikipedia.org/wiki/GOST_%28hash_function%29 > [2] > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
