Fwd: Re: [wss-comment] Standard Java Toolkit for WS Security and SAML

[Anne Thomas Manes <anne@manes.net>]

I just realized that I didn't copy this email to the entire group.

In addition to the list of platform vendors below, I've also found the
following list of WSM vendors that support WSS (not an exhaustive
list):

- Westbridge 
- DataPower
- Oblix/Confluent

And, of course, Microsoft supports WSS in the WSE distribution.

> Date: Sat, 06 Mar 2004 12:21:35
> -0500
> To: D Lillee <dlillee2000@yahoo.com>
> From: Anne Thomas Manes <anne@manes.net>
> Subject: Re: [wss-comment] Standard Java Toolkit for WS Security and
> SAML
>
> Quite a few Web services platforms and Web services management products
> provide support for earlier versions of the WS-Security specification.
> (Please keep in mind that the current WSS committee drafts were just
> published on Feb 17. It will take the vendors a short time to release
> updates of their products.) Fortunately there have been very few
> normative changes to the WS-Security specs, so older implementations are
> pretty close to being completely compliant with the WSS committee drafts.
>
> I don't have a complete list of products that support WS-Security, but
> here are a few examples of Java WSPs:
>
> - BEA WebLogic Workshop includes a WS-Security provider with support for
> Username and X.509 tokens.
> - IBM WebSphere JAX-RPC implementation includes a WS-Security provider
> with support for Username and X.509 tokens.
> - Oracle 10g JAX-RPC implementation includes a WS-Security provider with
> support for Username, X.509, Kerberos, and SAML tokens. 
> - Systinet WASP includes a WS-Security provider with support for
> Username, X.509, and SAML tokens.
>
> Most vendors provide a free evaluation kit. The first three products run
> within their respective J2EE application servers. Systinet WASP works
> with pretty much any Web server, servlet engine, or J2EE app
> server.
>
> Apache is developing a WS-Security provider (WSS4J) for use with Apache
> Axis. It will include support for Username and X.509 tokens.
>
> Neither JSR-183 nor JSR-155 has been published, so there are no standard
> Java APIs for SAML or WS-Security. 
>
> There is no wss-dev list at this time.
>
> Regards,
> Anne
>
>
> At 10:11 AM 3/1/2004, you wrote:
> > Wondering if anyone can answer
> > following questions about Web Service Security
> > toolkit.
> >  
> > 1) Are there any Java Web Service Security Toolkits that support OASIS WS
> > Security
> >     specification w.r.t. creation and processing of
> > PasswordToken, SAML Assertion
> >     Token, etc. ? If yes, which vendors? Any evaluation
> > copy available?
> >  
> > 2) Are there any Web Services Security Toolkit that support following
> > standard
> >     Java API specification: 
> >         (a) JSR-183 for SOAP Message
> > Security APIs and
> >         (b) JSR-155 for SAML Assertion
> > APIs
> >  
> > 3) Can these toolkits be used with wide range of web server
> > environments?
> >  
> > 4) Also is there a wss-dev mailing list that is available for users and
> > developers?
> >  
> > Thanks for your help.
> >     
> >
> >
> > Do you Yahoo!?
> > Get better spam protection with
> > Yahoo!
> > Mail 
>
> ~~~~~~~~~~~~~~~~~~
> Anne Thomas Manes
> VP & Research Director
> Burton Group

~~~~~~~~~~~~~~~~~~
Anne Thomas Manes
VP & Research Director
Burton Group