Changes between Version 13 and Version 14 of T12_Security/WS-Security


Timestamp: 31/08/06 17:09:57 (13 years ago)
Author: pjkersha
Comment: --

  • T12_Security/WS-Security

    v13 v14  
    4747For WS client side, `ZSI.Binding.Send` has `sig_handler` keyword which can be assigned to a signature handler class.  This must implement `sign` and verify methods.  These both take the same single argument of a `ZSI.writer.SoapWriter` instance.  `verify` indicates an invalid signature by raising an exception.  `GssSignatureHandler` the pyGridWare handler class raises a `VerifyError` type. 
    4848 
    49 For the server side there doesn't seem to be an explicit place holder for a signature handler so it would seem to be a more complicated as how to best sign a message.  Server side methods have access to the `ZSI.parse.ParsedSoap` instance which contains a `dom` member variable which would enable checking of content for verify. 
     49For the server side there doesn't seem to be an explicit place holder for a signature handler so it would seem to be a more complicated as how to best verify inbound messages and sign outbound ones.  Server side methods have access to the `ZSI.parse.ParsedSoap` instance which contains a `dom` member variable which would enable checking of content for verify. 
    5050 
    51 For signing responses it may need a sub class to `ZSI.ServiceContainer.SOAPRequestHandler` with an overloaded version of `do_POST` to include code to sign an outbound message.  More investigation is needed. 
     51For signing responses the best solution seems to be to sub class from `ZSI.ServiceContainer.SOAPRequestHandler` with an overloaded version of `do_POST` to include code to sign an outbound message.  This has been implemented.  `ZSI.dispatch._Dispatch` is a standalone function rather than a method of a class.  In order to custom then, it was necessary to make a copy of this and get a derived version of `ZSI.ServiceContainer.SOAPRequestHandler` to call it.  The custom `_Dispatch` method contains code to sign the outbound message.  Currently, X.509 cert and private key arguments are hard coded until a suitable way can be found to pass these variables in.    
    5252 
    53 The current status is that a working `SignatureHandler` class signs outbound messages from the WS client. 
     53The current status (01/09/06) is a working web service with `SignatureHandler` class signing/verifying messages to and from client and server. 
    5454 
    5555== XML Encryption ==
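
Review bot: In new line 51 the custom `_Dispatch` copy signs outbound messages with X.509 cert and private key arguments that are hard coded, and the text only says this holds "until a suitable way can be found". Please state where the key material is expected to come from (for example configuration handed to the derived `ZSI.ServiceContainer.SOAPRequestHandler`) and list it as an open item, since key material fixed in code cannot be rotated or varied per deployment without a code change. The same line says `ZSI.dispatch._Dispatch` was copied rather than extended, so record which ZSI version the copy was taken from so it can be re-synced when upstream changes. New line 49 widens the server-side problem to verifying inbound messages and new line 53 reports signing/verifying working in both directions, but the page still only says the `dom` member "would enable checking of content for verify"; it never says where the server calls `verify` or what happens to a request whose signature fails, which is the part a reader most needs. Wording: "In order to custom then" and "a more complicated as how to" need repair, and the status date 01/09/06 in line 53 is later than this change's own timestamp.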