axis-c-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Manjula Peiris <>
Subject Re: security policy and Rampart/c integration
Date Thu, 08 Feb 2007 07:14:29 GMT

Hi devs,

I have integrated the Rampart/C and security-policy for all the features
Rampart supporting up to now.(UsernameToken,Timestamp and encryption.)
This can be downloaded from

This is the major change I have done.

When building or processing the message rampart get the configurations
from a rampart_context which wraps a security policy object.This was
previously done using rampart_actions which is created from
parametrs(inflowsecurity and outflowsecurity) in  axis2.xml or

Since we don't have a general policy framework there are 2 approaches we
can follow to keep policies.

1.Keeping 1 agreed policy file in both server and client.(Initiator and
-if we follow this, the message formats will be restricted. For example
if the initiator to recipient message is encrypted, then recipient to
initiator message will also be encrypted. 		

2.Keeping 2 policy files in each party.
- The Recipient will have initiators outgoing message policy and will
consider it as his incoming message policy and vice-versa. With this
approach message formats will not be restricted, but user will have the
overhead of keeping to many policy files.

Another issue is how to give these policies to rampart.That is are we
going put them in axis2.xml or services.xml or any other way.

It is great if we can resolve these issues before merging the scratch
with the head.



On Tue, 2007-01-23 at 15:06 +0530, Manjula Peiris wrote:
> Hi all,
> I have sent the patch implementing security policy for Rampart/c. In
> order to integrate security policy with Rampart/C some significant
> changes need to be done for some parts of Rampart/C. Meanwhile The
> current Axis2/C (Rampart) code base may break due to these changes. So
> can any one suggest a solution for this.
> Thanks.
> Manjula.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message