Monday, December 11, 2006

Rampart/C ready for encryption

The security module for the Axis2 engine is now ready to support encryption.
The first release of Rampart supported UsernameTokens and timestamps. Phase 2 of Rampart was planned to implement SOAP message encryption. The biggest problem to be addressed was that there was no supporting XML encryption library. Priority was therefore given to writing an XML encryption library, which later became known as OMXMLSec. The name stands for axiOM XML Security library.

OMXMLSec

OMXMLSec is written for AXIOM, which is the XML object model for Axis2. It is designed to support XML Encryption and XML Signature. The first phase supports encryption only. Right now OMXMLSec supports the following algorithms, as specified in the XML Encryption recommendation:
http://www.w3.org/2001/04/xmlenc#tripledes-cbc
http://www.w3.org/2001/04/xmlenc#aes128-cbc
http://www.w3.org/2001/04/xmlenc#aes256-cbc
http://www.w3.org/2001/04/xmlenc#aes192-cbc
And for key transport:
http://www.w3.org/2001/04/xmlenc#rsa-1_5
OMXMLSec uses OpenSSL as the underlying crypto library.
Moreover, OMXMLSec has a special capability to support asymmetric key encryption, which is an essential part of SOAP message encryption.
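To show how the key transport and block cipher algorithms listed above appear together in one encrypted SOAP message, here is an added example in Python (standard library only); it is not Rampart/C or OMXMLSec code. It reads a constructed message, reports the algorithm on each xenc:EncryptedKey and xenc:EncryptedData, and flags any algorithm outside the list in this post as well as encrypted data that no EncryptedKey references. The names audit, BLOCK and KEY_TRANSPORT and the sample message are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
Q = "{%s}" % XENC
# Algorithm URIs the post lists as supported by OMXMLSec.
BLOCK = {XENC + s for s in ("tripledes-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc")}
KEY_TRANSPORT = {XENC + "rsa-1_5"}

def _alg(elem):
    method = elem.find(Q + "EncryptionMethod")
    return method.get("Algorithm") if method is not None else None

def audit(xml_text):
    """Return (findings, problems) for the xenc elements of one message."""
    root = ET.fromstring(xml_text)
    findings, problems, referenced = [], [], set()
    for key in root.iter(Q + "EncryptedKey"):
        findings.append(("EncryptedKey", _alg(key)))
        if _alg(key) not in KEY_TRANSPORT:
            problems.append("key transport not in the post's list: %s" % _alg(key))
        # The wrapped session key names the data it protects by fragment URI.
        for ref in key.iter(Q + "DataReference"):
            referenced.add(ref.get("URI", "").lstrip("#"))
    for data in root.iter(Q + "EncryptedData"):
        findings.append(("EncryptedData", _alg(data)))
        if _alg(data) not in BLOCK:
            problems.append("block cipher not in the post's list: %s" % _alg(data))
        if data.get("Id") not in referenced:
            problems.append("EncryptedData %r has no EncryptedKey reference" % data.get("Id"))
    return findings, problems

# Constructed sample message; the CipherValue contents are placeholders.
SAMPLE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
 <soapenv:Header><wsse:Security>
  <xenc:EncryptedKey>
   <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
   <xenc:CipherData><xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue></xenc:CipherData>
   <xenc:ReferenceList><xenc:DataReference URI="#ed1"/></xenc:ReferenceList>
  </xenc:EncryptedKey></wsse:Security></soapenv:Header>
 <soapenv:Body>
  <xenc:EncryptedData Id="ed1">
   <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
   <xenc:CipherData><xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData></soapenv:Body></soapenv:Envelope>"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```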

Back to Rampart

Right now Rampart is configured using the Axis2 descriptor file. In the future this will be replaced by a security policy implementation, work on which has started recently.
This week I need to do the interop with the Java implementation. I also need to integrate with PHP. Mmm... might make my life very busy. :)