axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From suresh attanayake <suresh.attanay...@gmail.com>
Subject Re: establishing trust between two or more standalone STS
Date Mon, 08 Aug 2011 07:36:23 GMT
Hi Maicon,

Federated STSs and Attribute Services are defined in the WS- Federation
Specification but currently Apache Rampart has not implemented the
Federation specification. We group of students from University of Moratuwa
are implementing this specification for Apache Rampart as a part of our
final year project and we are willing to make it available in the rampart
public svn.

thanks,
suresh..

On Sat, Aug 6, 2011 at 1:53 AM, Maicon Stihler <stihler@gmail.com> wrote:

> Hi,
>
> I want to use apache rampart to establish a federated environment, but I'm
> having trouble to find details on how to operate the STS on a standalone
> setup.
>
> In this scenario, I would create as many STS as there are security domains,
> and establish trust relationships between them all. Thus the users from each
> security domain could obtain security tokens to access services on different
> security domains.
>
> Reading the documentation on the Rampart web site, it is not very clear how
> the STS is operated (e.g. how do I create a custom STS that runs separated
> from the relying party? or how do I tell the STS who should be trusted when
> validating tokens from other STSs?)
>
> From the samples, it seems that the STS is embedded on rampart itself, but
> I want to create an STS that acts as an attribute authority (i.e. it would
> retrieve attributes about subjects on a custom db like LDPA, PgSQL, etc).
>
> I apologise for such a basic question. I've been reading about
> WS-Federation (more precisely, the active requestor profile), but I couldn't
> find any implementation for it, so I thought about of emulating part of it
> (not the metadata about the federation, autoconfiguration based on policies,
> etc) using apache rampart. I thank you in advance for any tips or directions
> to other resources on this subject.
>
> Best regards,
> Maicon Stihler
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: java-dev-unsubscribe@axis.**apache.org<java-dev-unsubscribe@axis.apache.org>
> For additional commands, e-mail: java-dev-help@axis.apache.org
>
>


-- 
Suresh Attanayake

Blog : http://sureshatt.blogspot.com/
LinkedIn : http://www.linkedin.com/pub/suresh-attanayake/16/165/181
Twitter : http://twitter.com/sureshatt

Mime
View raw message