Tuesday, April 29, 2008

Cardspace authenitcation with Identity Solution

WSO2 Identity solution 1.5 has been released. The new version supports SAML 2.0, which is a very handy feature to have.
Check more details about the release here.
You can also listen to this podcast by Prabath Siriwardena

Friday, April 25, 2008

C web services : A locus for demos

It's now possible to try out some of the samples/demos written using the WSO2 WSF/C. This page contains the downloadable archives, source codes and documentations. You can view, rate and try these samples and publish your own ones too. If you are interested in developing such demos, please drop an email to wsf-c-dev@wso2.org.
Right now we have an amazonclient, which can be used to do on-line transactions with Amazon E-commerce Service, a windows shell extension (aka FlickrPal), which can be used to upload you images to Flickr and a store client and manufacturing server to demo, how to address a typical business problem using WSO2 WSF/C.

Sunday, April 20, 2008

Writing a secure client in Ruby

WSF/Ruby provides an easy to use API to consume and deploy web services. Adding the Apache Rampart/C features, it also provides SOAP message confidentiality, integrity and authentication.
In the following four easy steps we will show how to write a secure client using WSF/Ruby.

1. Create the policy. Here we need to encrypt using the Basic256Rsa15 algorithm suite and the relavent key information should be identified using the Issuer name and the serial number of the certificate
      
policy_content = {"encrypt"=> true,
"algorithm_suite" => "Basic256Rsa15",
"security_token_reference" => "IssuerSerial"}
policy = WSPolicy.new({"security" => policy_content}

2. Create the security token. Note that the private keys and certificates need to be loaded
  
security_options = {"private_key" => pvt_key,
"receiver_certificate" => rec_cert}
security_token = WSSecurityToken.new(security_options)

3. Create options for policy and security token. Here the use_wsa=true means that the clinet MUST include WS Addressing header in the message.
  
options = {"use_wsa" => true,
"policy" => policy,
"security_token" => security_token}

4. Request from the service. For this we need to create the client.
  
client = WSClient.new(options, LOG_FILE)
res_message = client.request(payload)

The complete source code is as follows.
  
require 'wsf'
require 'rexml/document'

include WSO2::WSF
include WSO2::Util

#This is your pay load
req_payload = << XML
Hello World!
XML

begin
LOG_FILE = "security_sample.log"
ACTION = "http://php.axis2.org/samples/echoString"
END_POINT = "http://localhost:3000/encryption/encryption"

message_properties = {"to" => END_POINT,
"action" => ACTION}

#Load certificates and keys from the disk
rec_cert = WSUtil::ws_get_cert_from_file("../keys/bob_cert.cert")
pvt_key = WSUtil::ws_get_key_from_file("../keys/alice_key.pem")

#The payload or the body of the SOAP message
payload = WSMessage.new(req_payload,
nil,
message_properties)

#Create the security policy
policy_content = {"encrypt"=> true,
"algorithm_suite" => "Basic256Rsa15",
"security_token_reference" => "IssuerSerial"}

policy = WSPolicy.new({"security" => policy_content})

#Create the security token
security_options = {"private_key" => pvt_key,
"receiver_certificate" => rec_cert}

security_token = WSSecurityToken.new(security_options)

#Create option for the client
options = {"use_wsa" => true,
"policy" => policy,
"security_token" => security_token}

#Create a client instance
client = WSClient.new(options, LOG_FILE)

#Request
res_message = client.request(payload)

if not res_message.nil? then
puts "Received OM: "<< "\n" << res_message.payload_to_s << "\n\n"
puts "Client invocation SUCCESSFUL !!!"
else
puts "Client invocation FAILED !!!"
end

#If SOAP fault, print the details
rescue WSFault => wsfault
puts "Client invocation FAILED !!!\n"
puts "WSFault : "
puts wsfault.xml
puts "----------"
puts wsfault.code
puts "----------"
puts wsfault.reason
puts "----------"
puts wsfault.role
puts "----------"
puts wsfault.detail
puts "----------"

rescue => exception
puts "Client invocation FAILED !!!\n"
puts "Exception : " << exception
end

More security samples can be found here...

Friday, April 18, 2008

WSF/PHP : Creating Business-Conscious IT Solutions


In this article I have shown how to address a typical business communication scenario using WSF/PHP. It also discusses the importance of the message level security and shown how exactly those will be used in a scenario like this. The complete source code is available here.

Monday, April 14, 2008

What's beyond C web services?

Recently I started adding entries to the C web services blog. Doing so, I must state that C web services are not only limited to the C language itself, but also a basis for other programming languages. So far this has become a reality for PHP, Perl, Ruby and C++. Other scripting languages such as python to be added to the list in the future. The reason behind this successful pumping of array of frameworks to the community is the solid WSF/C, which is a web services framework written in C language. The framework allows you to consume and deploy web services easily and securely. WSF/C integrates the famous Axis2/C engine with implementations of various WS-* standards such as WS-Security, WS-RM, WS-Addressing and WS-Policy.
So why not conquer the web services beyond the C territory. :)
Click on and image to go to the respective project home pages.




Tuesday, April 08, 2008

Product of the year 2007 - GOLD - To WSO2 WSAS



Being awarded to WSO2 WSAS (Data Services).

Congratulations folks !!!
You deserve it.
--More--

Monday, April 07, 2008

Username and passowrd is not enough



If you are planning to steal a username and the password of your colleague, you'd better check this out. If he is clever enough to use key stroke dynamics with the GDM (Gnome Display Manager), you'll have to watch and practice a lot how he types them.
By modifying the GDM it is possible to store an encrypted hash of your key stroke pattern. This pattern will be verified using the key stroke dynamics in the next time you log in. Following article will show how to modify the GDM.

Identify and verify users based on how they type

Saturday, April 05, 2008

Open source will quietly take over

Read a nice article about the Open Source and it's future. Here are few lines from it.

...Users who reject open source for technical, legal or business reasons might find themselves unintentionally using open source despite their opposition...

..."Much of the availability, management and DBMS licensing costs will remain proprietary," says the report, and "version control and incompatibilities will continue to plague open-source OSs and associated middleware"...

...Open source gives massive scalability at no transaction cost, for whatever you are doing...

The full article is here...

Friday, April 04, 2008

A collection of PHP demos


Wanna try out some samples in PHP web services?
Try out this collection of demos.
You can try, download, rate samples and view the source code to get an idea what you can do with web services in PHP language. The demos here are developed with WSO2 Web Services Framework for PHP (WSF/PHP).

Thursday, April 03, 2008

Spring the WSF/*




Adding yet another member to the WSF family WSO2 has announced the release of WSF/Spring 1.0.
Similar to other WSF products, this too is released under the Apache license 2.0. Now the spring users would be able to expose web services using the famous Apache Axis2/Java engine. The framework is also powered by the WS-* of implementations including WS-Security, WS-SecurityPolicy, WS-Policy, WS-Addressing, WS-ReliableMessaging and WS-Eventing. Here you will find a quick start guide.