Ticket #226 (closed task: fixed)

Opened 15 years ago

Last modified 14 years ago

[S] Convert to NDG Security WS interfaces to use WS-Security

Reported by: pjkersha Owned by: pjkersha
Priority: blocker Milestone: BETA
Component: security Version:
Keywords: LBL, ZSI, WS-Security, DEWS Cc:

Description (last modified by pjkersha) (diff)

Modify WS interfaces to use WS-Security compliant SOAP messages.

This ties in with  Status of WS-Security libraries - talking to Keith Jackson and Joshua Boverhof at LBL about ZSI implementation/pyGridware.

DEWS requires WS-Security for security interfaces.

Change History

comment:1 Changed 15 years ago by pjkersha

  • Status changed from new to assigned
  • Description modified (diff)

comment:2 Changed 15 years ago by pjkersha

Progress on this task written up on the wiki:  http://proj.badc.rl.ac.uk/ndg/wiki/T12_Security/WS-Security

Contacted Joshua Boverhof for advice with ZSI and pyGridWare. There is now working test code for WS-Security for digital signature and encryption:


  • uses ZSI SVN release 1252 (post official 2.0_rc2 release)
  • document literal style WSDL
  • M2Crypto and pyCrypto modules for signature and encryption handling
  • Currently also dependent on 4Suite XML package
  • Security handlers adapted from pyGridWare code
  • Tested against pyXMLSec code (and also therefore XMLSec C library since pyXMLSec is so tightly coupled to it)


  • Try use of Twisted for web services
  • Generate WS-Security SOAP header elements using ZSI type codes rather than DOM code.
  • Test against Java WebSphere client and server code (for DEWS and to check compatibility cross language)

comment:3 Changed 15 years ago by pjkersha

  • Successfully tested WS-Security with digital signature with verification by WebSphere? client. TODO: python verification of WebSphere? generated signature.
  • Working test code with Twisted.

comment:4 Changed 14 years ago by pjkersha

  • Status changed from assigned to closed
  • Resolution set to fixed

Closing this ticket:

  • Tests carried out with Java WebSphere client with Session Manager and Attribute Authority (digital signature only but this is all we need as we can use https for encryption)
  • Certificate Authority Web Service interface also working with WS-Security.
Note: See TracTickets for help on using tickets.