" /> Davanum Srinivas' weblog: July 2005 Archives

« June 2005 | Main | August 2005 »

July 31, 2005

[ANN] Apache WSS4J 1.0.0 Released

Werner has announced WSS4J release:

Apache WSS4J team would like to announce the 1.0.0 release for Apache
WSS4J Web Service Security implementation.

You can download the releases from:

http://www.apache.org/dyn/closer.cgi/ws/wss4j/1_0_0

Please allow one or two days to deliver the distributions to
the mirror(s).

Available is a binary as well as source distribution.

Please refer to the README file in the distributons for
further information regarding implemented features, additional
information, links to the Wiki pages, etc.

More information about WSS4J and related projectsis is available
on the WSS4J homepage:

http://ws.apache.org/wss4j

Have fun with WSS4J :-)

The WSS4J team

Posted by dims at 11:40 AM | | Comments (0) | TrackBacks (0)

July 23, 2005

SOAP vs REST

Everyone who is bashing SOAP/WS-*, how much better REST is or how easy it is to get things done with Python and XHTML, or how bad Axis is...here's what i think:

Point #1:
Just use whatever tools you want/have and leave us alone :)

Point #2:
If you do want to engage, show us specifically how we could bridge the gap between REST and SOAP. Specifically by engaging on the specs in the standards bodies or by participating in discussions on how to go about doing this in open source tools like Axis. Yes, we are trying to bridge the gap in Axis2.

Point #3:
If you are crabby about tools like Axis not doing things right, then LOG A BUG, show up on the mailing lists, help with patches, it's open source for god's sake.

Posted by dims at 11:10 AM | | Comments (18) | TrackBacks (9)

July 22, 2005

Microsoft confims - No WS-Security Patents

Here's the scoop. Excerpt below:

As a follow-up to our conversation, please be advised that, as of
today, neither Amy nor I know of any issued Microsoft patent claims
necessary for the implementation of WS-Security, as defined in our
sample posted license.  Therefore, we have no reason to believe anyone
would currently need to seek a license from Microsoft in that regard.

Posted by dims at 01:31 PM | | Comments (0) | TrackBacks (2)

July 21, 2005

Where can i get "July CTP of .NET Framework 2.0" from?

WSE 3.0 July CTP REQUIRES the July CTP of .NET Framework 2.0. Any pointers to where i can download this from?

Posted by dims at 05:13 PM | | Comments (0) | TrackBacks (1)

July 18, 2005

WS-Security : Next Episode of Boston Legal

Thoroughly enjoyable get to know that "IBM has no patents in WS-Security". Just wish we get the same message from Verisign and MSFT as well.

<IBMer #1>:  WS-Security is a great Spec.  We need to submit it to a
standards body.
<IBMer #2>:  Which one?
<IBMer #1>:  OASIS is pretty fast and efficient.
<IBMer #2>:  Yeah, but we want it to be RF, and OASIS only has a RAND
policy.
<IBMer #1>:  Right.  Hey, we can make an RF commitment anyway.  Others
have done it.  And, they're working on an RF policy.  That'll be done
soon.
<IBMer #2>:  Great idea.  When we submit the Spec to OASIS, we'll submit a
commitment to license all necessary claims on RF terms.  That'll work.
. . .
<OASIS>:            Thanks for the Spec.  Here is your working group.
<OASIS Member #1>:  We've noticed that you've made an RF commitment for
your patents.
<IBMer #1>:         Right.  We want everybody to know that we're not going
to try to hold up this Spec and that everyone can implement it.
<OASIS Member #1>:  But where are the terms?
<IBMer #1>:         What terms?
<OASIS Member #1>:  The terms for the patent license.
<IBMer #1>:         But we don't have any patents.
<OASIS Member #1>:  Not now.  But you might find one.  And if you do, we
want to know that we'll like the terms.
<IBMer #1>:         That's silly.  Why not just wait until someone
actually announces that they have a patent.  You'd save a lot of time.
<OASIS Member #1>:  Because we want to make sure we have all of our ducks
lined up now.
<IBMer #1>:         But, potentially, every company in the world could
have a patent that reads on WS-Security.
<OASIS Member #1>:  So.
<IBMer #1>:         Does that mean that you want to negotiate patent terms
with everybody in case they just might have a patent.
<OASIS Member #1>:  Maybe.  We still want patent terms from you because
you helped write the Spec.
<IBMer #1>:         OK, but it'll be a waste of time.  Let me go talk to
my lawyer.
. . .
<IBMer #1>:         Here is your patent license.
<OASIS Member #1>:  Thanks.  We don't like the terms. . . .
<IBMer #1>:         But we don't have any patents.
<OASIS Member #1>:  . . .
. . .
<Apache>:    Great Spec that WS-Security.  Wish we could implement it.
<IBMer #3>:  Why can't you implement it.
<Apache>:    You have necessary patents that you won't license on terms we
like.
<IBMer #3>:  But the terms are fine -- the same terms that apply to all
other Internet standards.
<Apache>:    You sure?
<IBMer #3>:  Yeah.
<Apache>:    But still, we don't want to be forcing patents on our
licensees unless we know the terms are OK.
<IBMer #3>:  I understand, but we don't have any patents.
<Apache>:    Oh.  Right.  So, if you didn't have any patents, why did you
publish a patent license then.
<IBMer #3>:  [sigh]

Posted by dims at 02:49 PM | | Comments (0) | TrackBacks (1)

July 15, 2005

WS-Security and Patents

Folks have asked me what's next? We will continue forward with a release of WSS4J and will continue the TSIK incubation process till something happens...That something is specific information about a particular patent (need the patent #) applicable to code that implements OASIS Web Services Security 1.0 (Core + UsernameToken and X509 Profiles). I have spent enough time google-ing and searching on uspto.

So if someone knows a specific patent #, please leave a comment here, add a blog entry (leave a trackback) or drop me a note.

Posted by dims at 10:31 AM | | Comments (0) | TrackBacks (0)

July 14, 2005

More bugs in WSE 3.0 CTP's MTOM

#1: Apparently a mime boundary like "----_AxIs2_Def_boundary_42214532" is not acceptable, because it has 4 underscores as prefix. WSE wants only 2 underscores.

#2: A long content-type is usually split into multiple lines, but WSE does not like it. it wants the whole thing in one line like this:
Content-Type: multipart/related; boundary=--MIMEBoundary632569798927416768; type="application/xop+xml"; start="cid:0.632569798927416768@example.org"; start-info="text/xml; charset=utf-8"

Someone please point them to the example in the RFC (http://www.faqs.org/rfcs/rfc2387.html)

There are other weird things like for example in the mime part the content-id, content-type are all lower case. which looks odd but is ok.

/me wonders what other hoops the JAX-WS EA folks had to do for getting their interop against 3.0 CTP.

Posted by dims at 11:23 PM | | Comments (1) | TrackBacks (1)

July 06, 2005

Please fix iTunes XML Parser

details are here:
http://www.intertwingly.net/blog/2005/07/05/Insensitive-iTunes

Posted by dims at 09:09 AM | | Comments (0) | TrackBacks (1)

July 05, 2005

Is it too easy to write your own soap stack?

I don't know. I was reading this Survey from XMLBeans folks. Reading about SAAJ there triggered other memories, sent an email to Steve asking him about Alpine. Thinking about Alpine reminded me of Steve's post on Jboss's initiative to replace Axis. That triggered me to do a google search on how others are faring, Here's the user mailing lists of a few other stacks (check the activity).
- ActiveSOAP
- XFire
- JWSDP
- Systinet

Then i started thinking about Axis2, on how to provide an upgrade path to the existing Axis 1.X users.

One thing keeps popping up. Is it too easy to write a soap stack? The more we do this, it seems more difficult to get it right without repeating the same mistakes we've done before. Before Axis2 there was Axis1 and before that there was Apache SOAP. Is everyone writing their own soap stacks know what they really signed up for? Or is WS-* too complicated for its own good? May be it's time to sleep...zzzzz

Posted by dims at 11:05 PM | | Comments (2) | TrackBacks (3)

WSS4J documentation / Comparison of WS-Security Toolkits

For those of you looking for more docs on WSS4J see Comparison of WS-Security Toolkits. It has a nice write up and sample code.

Posted by dims at 02:24 PM | | Comments (1) | TrackBacks (1)

AXIS2-0.9 released

The Apache Axis2 Team is pleased to announce the 0.9
release of Apache Axis2.

You can download the releases from:
http://www.apache.org/dist/ws/axis2/0_9/axis2-0.9-src.zip
http://www.apache.org/dist/ws/axis2/0_9/axis2-0.9-bin.zip

This Axis2 0.9 release has the following features:

* AXIOM, a SOAP specific streaming XML infoset model for SOAP
1.1/1.2 Messages
* Support for One-Way Messaging and Request Response Messaging
* Modules, mechanism to extend the SOAP Processing Model
* Archives based deployment Model
* WSDL Code Generation Tool for Stub and skeltons based on WSDL 1.1
* XML Beans based data binding support
* Support for WS-Addressing, both the Submission and Final versions
* Client API
* REST Web Service Support
* HTTP transport Support
* SMTP transport Support
* TCP transport Support
* MTOM/SWA attachments support
* SAAJ implementation

If you have a vision of how the next generation of Web services middleware
should be, and like to contribute to Axis2, please join us at
axis-dev@ws.apache.org. Any contribution in the form of coding, testing,
submitting improvements to the documentation, and reporting bugs is always
welcome.

More information about Axis2 is available from the Axis2 home:
http://ws.apache.org/axis2

-- The Axis2 Development Team

Posted by dims at 08:52 AM | | Comments (0) | TrackBacks (0)