Skip to Content.
Sympa Menu

mace-opensaml-users - Re: Using opensaml to secure Web Services using Axis and EJBs

Subject: OpenSAML user discussion

List archive

Re: Using opensaml to secure Web Services using Axis and EJBs


Chronological Thread 
  • From: Tom Scavo <>
  • To: "" <>
  • Cc:
  • Subject: Re: Using opensaml to secure Web Services using Axis and EJBs
  • Date: Thu, 19 May 2005 08:40:01 -0400
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=clNUulHRHsehLrxn2/Sj3bM41L8F3j2S3Gt/WzT1z988SOF5Y/qge8Eg6Emw/BJorGKO2hmbgQl88TuD3HAZzwXLOZmmQbn79CHX/CpuouQbhF2FzvGiyDghw+D/+nVPrxmNmDajR5JGk+raZfNw5b+fSpuesZ5x8ShIZsHH38M=
On 5/19/05,

<>
wrote:
>
> I'm doing a comparison between Web Service security techniques for my
> Bachelor thesis. I'm concentrating on WS-Security and SAML. I've already
> done a succesful implementation of WS-Security using WSS4J. I'm currently
> using Axis and JBoss to deploy my Web Services. These Web Services use
> session beans (EJBs) as their provider.

Cool.

> So far so good. But now I have to use SAML to secure these Web Services.

You mean you're going to implement the WS-Security SAML Token Profile?

> Is opensaml the way to go for me?

The WSS SAML Token Profile specifies SAML 1.1 so the OpenSAML
implementation is in the right ball park, yes.

> Is opensaml even suitable for this purpose, or do I need to look at other
> implementations of SAML?

Well, you don't have too many choices...here is a list of open source
implementations of SAML 1.1 core:

- OpenSAML 1.0.1 (Java/C++) http://www.opensaml.org/
- SourceID SAML 1.1 Java Toolkit 2.0
http://www.sourceid.org/projects/saml-1.1-toolkit.html
- SAMUEL (Java) http://sourceforge.net/projects/guanxi/

As far as I know, this is a complete list.

Hope this helps,
Tom

Archive powered by MHonArc 2.6.16.

Top of Page