Sunday, December 30, 2007

Hiking in Mee-Muray

Mee-Muray, a village situated in the border of Kandy and Mathale districts in Sri Lanka, was our latest hiking destination. Covered with thick lush green and surrounded by picturesque mountains, it provides the exact essentials you need for a genial hiking.
With many paths to hop-on and places to relax when tired, it requires at least two days to cover the area. A very steep la-ke-gala(gala=rock) and many streams feeding the Mahaveli river are the best attractions. Also it's worth to explore the calm lifestyle of the habitants who are far far away from busy towns and main roads. (36 kms to the closest town). Alternatively bird watching, bathing and hiking in the jungle can be done. Moreover, if you have seen the movie, "Sooriya Arana" which brought you a very nice story between a young buddist monk and child hunter, the locations are mostly from this village and surrounding jungle.

How to go there...
Traveling from Colombo, take the Mahi-yan-gana bus which usually takes 5 to 6 hours for the total journey. Alternatively you may go to Kandy and take the Mahi-yan-gana, Bibi-le, Dehi-atta-kandiya or Udu-dumbara bus. After a one and half hour traveling from Kandy, get down in the Hun-nas-giriya town. From there, you have to test your luck. Usually, if there is no-rain and if the driver thinks he should go to the town, there is a bus going back from Hun-nas-giriya to Mee-muray around 1 PM. Well... to be frank its a small van with big wheels and a driver with a great attitude. If you miss the bus there are two alternatives. First, check with the shop owners in the city for a lorry scheduled to be gone to Mee-muray or a closer destination. The second option is to bargain with taxi drivers(3-wheel), who are a bit reluctant to go to Mee-muray. They usually charge from 1500 to 2500 LKR for the journey and you MUST ask them to bring you to the Mee-muray temple or the school. Do not say just Mee-muray and you would definitely end-up in a place where they'd like to drop you off. Alternatively if you do not have a heavy luggage and would like to depend on your feet, take the bus to Lool-watta and walk from there to Mee-muray for next 17 kms.

More places to visit...
Saying all these, the best option is to use a 4WD vehicle. The road is not that bad but there are certain places that you need to use such a vehicle with a good ground clearance. And there are other advantage of avoiding public transport apart from saving the time and energy. On your way to Mee-muray, the first part of traveling is through tea states lies on high mountains. So you may get down and taste a snack looking at gorgeous valleys and mountains. Also you may stop by a place called Deanston, after a 7 kms of traveling. The area is filled with birds, butterflies and flowers. And about 1.3kms away from the road you may go to a mini world's end to have a good look at the 90 degree slope and Dumbara mountains. Also the Garandi falls, Yahan gala rock, Mahiyangana valley and Sora-bora lake can be seen far away in a less cloudy day.

What to bring...
You may buy essential food in Hun-nas-giri town or in Kandy preferably. Noodles, chocolates, cheese are lesser in weight. Also bring something to apply to get rid of leeches. We usually make a mix of salt and soap. If you plan to climb the la-ke gala rock, you'll need a strong rope too. Also bring enough clothes and blankets to face chilling nights.

Where to stay...
The most common places to stay are the temple and the school. Sometimes a good smile and a friendly chat can make your stay in a warm house too. Do not expect much from these poor families. They have only what they need for their survival. But they would definitely assist to make your stay a comfortable one in the village. For example in the first day we were freezing due to the coldness of the ground and in the chilling breeze in the night. The second day we had some mats thanks to an old couple living nearby.

Satisfaction...
Is mostly depend on your interests. If you are up to experience the difference between your warm bed and hardness on a pan-pedura(a mat) or to experience the ear-locking silence in the night, your satisfaction can be guaranteed. Also if you are a photographer, a bird watcher or a hiking lover you wouldn't be disappointed. If you are non of these and would like to just see the village it's better to reserve a room in the Deanston circuit bungalow about 30kms away, and come to the village during the day time. Alternatively you may book a camping site in the same location. You may get a tent for about 800LKR enough for 12 people.


Thursday, December 20, 2007

XML User Interface Language

If you have written an extension to mozilla, chances are less that you haven't seen an *.xul file. This file contains instructions on how the UI is organized. How the buttons/menus are added and how the layout should be etc.
The XUL is the markup language for creating user interfaces behind all these. Find out more about XUL in the following tutorial.
http://www.xulplanet.com/tutorials/xultu/

Friday, December 14, 2007

Encrypting SOAP messages using PHP

If you have configured WSO2 WSF/PHP in your system, it takes only a few additional lines to get your SOAP messages encrypted.
Following is a PHP script, showing the necessary steps that you need to follow.
<?php
$reqPayloadString = <<<XML
<ns1:Privacy xmlns:ns1="http://privacy.abc.com/privacy"><Info>MyConfidentialInfo</Info></ns1:Privacy>
XML;

try {

/* 1. Load certificates*/
$rec_cert = ws_get_cert_from_file('your/path/to/certificate.cert');
$pvt_key = ws_get_key_from_file('your/path/to/private_key.pem');

/* 2. Create a new message request*/
$reqMessage = new WSMessage($reqPayloadString,
array("to"=>"http://privacy.abc.com/your/privacy_service.php",
"action" => "http://privacy.abc.com/privacy"));

/* 3. Create a security array to keep security properties*/
$sec_array = array("encrypt"=>TRUE,
"algorithmSuite" => "Basic256Rsa15",
"securityTokenReference" => "EmbeddedToken");

/* 4. Create a policy using the security array*/
$policy = new WSPolicy(array("security"=>$sec_array));

/* 5. Create a new security token*/
$sec_token = new WSSecurityToken(array("privateKey" => $pvt_key,
"receiverCertificate" => $rec_cert));

/* 6. Create a new web service client*/
$client = new WSClient(array("useWSA" => TRUE,
"policy" => $policy,
"securityToken" => $sec_token));
/* 7. Request*/
$resMessage = $client->request($reqMessage);

} catch (Exception $e) {
if ($e instanceof WSFault) {
printf("Soap Fault: %s\n", $e->Reason);
} else {
printf("Message = %s\n",$e->getMessage());
}
}
?>

A complete article on this can be found here...

Wednesday, December 12, 2007

WSO2 Identity goes 1.0

Providing the CardSpace authentication with an identity provider and a set of relying party components, WSO2 Identity Solution 1.0 has been released y'day. It comes with a cost of $0 under Apache license 2.0.
So why not try now?

Sunday, December 09, 2007

Federated Sign On explained



  • Company A maintain their employee records
  • Company B provide services
  • Company A's employee Mr.X need to access Company B's services
  • Company A and B form a federation
  • Company B trust, A's employees and allow Mr.X to access their services.

In this way company B don't have to maintain records of employees of company A(and A1, A2, A3...)

And also Mr.X's privacy is guaranteed by Company A

Friday, December 07, 2007

Planing to secure web services?

When you plan to secure your web services, first you need to understand the exact security requirements. If you do not care about providing message level security, you can easily use the transport layer security. As an example web services over HTTPS.

If you do care, to protect messages even after the transit, or you have multiple intermediaries that need to be involved in the message delivery process, you need to go for the message level security.



Alternatively you may use both these together. For example you might use the transport layer security provide the confidentiality while using message level security for authentication purposes.

Apart from understanding the basic standards such as XML Encryption, XML Signature, Keys management in SOAP message security, you need to understand how to configure the security features.

The common standard for this in web services is to follow WS-Policy and WS-Security Policy specifications. These two specifications defined the behavior model for web services. For example whether the message need to be encrypted, signed, what type of tokens to be included in the security header etc. Also a requirement for one service may not be valid for another. Thus defining service specific requirements might be necessary.

Wednesday, December 05, 2007

Tuesday, December 04, 2007

MTOM attachments and SOAP message encryption

If we are to guarantee the confidentiality of SOAP message we have to encrypt them. For example a SOAP body may carry information that are only for authorized parties.
But what about MTOM attachments? Is it not possible to encrypt them? Do we have to send them as it is?
The answer is NO. We must encrypt the attachment as well. For example, such attachments might carry some confidential image or a secret key in binary format.
The question came in the way AXIOM handled attachments. For example in order to encrypt a particular node, the first step would be to serialize it. But when the serialization happens, the attachment is ignored. Thus the confidentiality is not applied to the attachment.
As a solution for this, we have to get the attachment as a base64 encoded string. Then this whole content should be encrypted. In fact this is now possible with the newly introduced axiom_node_to_string_non_optimized() function, which returns non-optimized base64 encoded string representation of the MTOM attachment. So when ever it is necessary to use xml encryption in OMXMLSec, it is required to use the above function to serialize the XML data.

Following code segment shows how to we do the above

axis2_char_t *serialized_data = NULL;
oxs_buffer_t *serialized_buf= NULL;
axis2_status_t ret = AXIS2_FAILURE;

...
/*Serialize node*/
serialized_data = axiom_node_to_string_non_optimized(node, env);
serialized_buf = oxs_buffer_create(env);
ret = oxs_buffer_populate(serialized_buf, env, (unsigned char *)serialized_data, axutil_strlen(serialized_data));

/*We call encrypt_data*/
ret = oxs_xml_enc_encrypt_data(env, enc_ctx, serialized_buf, enc_type_node);

Friday, November 16, 2007

OpenSSL Win 32 binaries

Since there are many questions on where to get OpenSSL Win32 binaries...
This is the place to go.
http://www.slproweb.com/products/Win32OpenSSL.html

Thursday, November 15, 2007

Secured Web Services with PHP

In the following article I've described how to secure web services using WSO2 WSF/PHP.

Secured Web Services with PHP


This covers
  • How to write a PHP client to invoke web services and enable security in SOAP messages.
  • How to deploy a PHP web service that expect secured SOAP messages.

You may download WSO2 WSF/PHP here.
The WSF/PHP API can be seen here

Wednesday, November 07, 2007

No more naked email addresses

A simple but smart way to deceive spam bots by obfuscating the mail link.
http://www.alistapart.com/articles/gracefulemailobfuscation
You may find a demo too...
Nice work Roel.

Thursday, November 01, 2007

Semantic Web

A really nice article for a newbie (like me) on Semantic Web.
http://infomesh.net/2001/swintro/

Wednesday, October 24, 2007

Quantum Cryptology

Cryptography from mathematics to physics...
Find out more here.

ApacheCon Europe 2008

ApacheCon Europe 2008

Amsterdam, The Netherlands -7 April through 11 April, 2008

Call for papers ends 26th October. Hurry...

Thursday, October 18, 2007

Breathing...

All of a sudden I realized that I've engaged in two fantastic exercises for last few months.
Many days in the morning I go jogging. That's inhale from nose and exhale from mouth.
At least two days per week I go swimming. That's inhale from mouth and exhale from nose.
Gosh! my engine should work properly.
Doing exercises has lot other advantages than being healthy.
1. It gives you a chance to meet people. Ground... Pool...
2. You have your own time to think. Try to think deep, inside water or think, deep inside water? New ideas does not only come in the shower.
3. At least you have a chance to smell fresh grass. Hmm... I like it when I jog. Better after a rain overnight.
4. Finally you can avoid traffic in the morning and in the evening. (Luckey that I have flexible working hours)
So think about it. Go jogging next morning. If you don't know how to swim, learn it.

Monday, October 08, 2007

A Quick Reference Guide for Rampart/C Configurations

In this tutorial I've shown how to configure Ramaprt/C to support different security requirements in WS-Security, based on WS-Secuirty Policy Specification 1.1

Thursday, October 04, 2007

Apache Rampart/C 1.0 Unleashed !!!

Unleashed to protect SOAP messages.

Yes. Rampart/C as the security module for Apache Axis2/C, provides it's users a way to protect their SOAP messages from intruders, spies and even hypocrites(hmm... bad people everywhere). :)
It provides Authentication, Confidentiality, Non-repudiation for messages with a minimum effort in configurations.

Rampart/C 1.0 is based on the WS-Security Specification 1.0.
It also encapsulates features of
  • Username Token Profile 1.1
  • X509 Token Profile 1.1
  • Ws-Security Policy Specification 1.0

Rampart/C is also the security module for WSF/C and WSF/PHP frameworks.

You may download it here
http://ws.apache.org/rampart/c/download.cgi

Key features of the release
  1. Ability to send and verify UsernameTokens with
    1. PlainText password
    2. Digested password
  2. Ability to send Timestamp tokens
  3. SOAP message encryption
  4. SOAP message signature
  5. WS Security Policy based configurations

Major changes since last release
  1. Memory leak fixes
  2. Many bug fixes
  3. Signature Encryption
  4. Signing specific headers
  5. Sign before encryption
  6. Encryption before signing
  7. Replay detection support
  8. Improvements to the context model
  9. Authentication module implementation
  10. Credentials module implementation
  11. Improvements to Key/Certificate loading mechanisms
  12. Easy to use deployment scripts
  13. WS-Security Policy (Spec 1.1) based configurations

Open source Vs proprietary

Interesting comparison... :)
Credit : The Open Road


WSO2 WSF/C 1.1.0 is released

WSO2 has announced another release of a hidden beast... it's WSF/C 1.1.0
WSF/C is actually the base framework for many implementations including WSF/PHP and WSF/Perl. There is another frameworks to be thrown to the open source community wrapping the WSF/C. Guess what...? It's WSF/Ruby.
So what makes WSF/C so special apart from being the base for many frameworks.
The first reason is that it's powered by the Apache Axis2/C web services engine. Other reason is that it encapsulates a number of modules that are WS-* implementations, such as Apache Rampart/C, Apache Savan/C and Apache Sandesha/C.
Once the WSF/C is downloaded, with a minimum effort for configurations, user can consume/deploy web services securely and reliably inheriting the features of it's module pack.
Have a look
http://dist.wso2.org/products/wsf/c/1.1.0/

Tuesday, October 02, 2007

Scientists Invent 30 Year Continuous Power Laptop Battery

Your next laptop could have a continuous power battery that lasts for 30 years without a single recharge ...[more]...

Hmm... that's enough time to do some useful research. Ohh I forgot !!! What's the duration of the laptop itself then?

Monday, October 01, 2007

Apache Axis2 1.1.0

After many improvements and bug fixes Apache Axis2 1.1.0 is released y'day. You may download it here.
The new release includes following key features.
  1. Support for one-way messaging (In-Only) and request response messaging (In-Out)
  2. Client APIs: Easy to use service client API and more advanced operation client API
  3. Transports supported: HTTP
    • Inbuilt HTTP server called simple axis server
    • Apache2 httpd module called mod_axis2 for server side
    • IIS module for server side
    • Client transport with ability to enable SSL support
    • Basic HTTP Authentication
    • libcurl based client transport
  4. Module architecture, mechanism to extend the SOAP processing model
  5. WS-Addressing support, both the submission (2004/08) and final (2005/08) versions, implemented as a module
  6. MTOM/XOP support
  7. AXIOM, an XML object model optimized for SOAP 1.1/1.2 messages; This has complete XML infoset support
  8. XML parser abstraction
    • Libxml2 wrapper
    • Guththila pull parser support
  9. Both directory based and archive based deployment models for deploying services and modules
  10. Description hierarchy providing access to static data of Axis2/C runtime (configuration, service groups, services, operations and messages)
  11. Context hierarchy providing access to dynamic Axis2/C runtime information(corresponding contexts to map to each level of description hierarchy)
  12. Message receiver abstraction
    • Inbuilt raw XML message receiver
  13. Code generation tool for stub and skeleton generation for a given WSDL (based on Java tool)
    • Axis Data Binding (ADB) support
  14. Transport proxy support
  15. REST support (more POX like) using both HTTP POST and GET
  16. Comprehensive documentation
    • Axis2/C Manual
  17. WS-Policy implementation called Neethi/C, with WS-SecurityPolicy extension
  18. TCP Transport, for both client and server side

Apache Rampart/C 1.0 is getting ready

Apache Rampart/C 1.0 release artifacts are uploaded here. Waiting for votes. :)

Friday, September 21, 2007

Don't Change the World


A nice story for you...

Once upon a time, there was a king who ruled a prosperous country. One day, he went for a trip to some distant areas of his country.

When he was back to his palace, he complained that his feet were very painful, because it was the first time that he went for such a long trip, and the road that he went through was very rough and stony. He then ordered his people to cover every road of the entire country with leather. Definitely, this would need thousands of cows' skin, and would cost a huge amount of money.

Then one of his wise servant dared himself to tell the king, "Why do you have to spend that unnecessary amount of money ? Why don't you just cut a little piece of leather to cover your feet?"

The king was surprised, but he later agreed to his suggestion, to make a "shoe" for himself.
There is actually a valuable lesson of life in this story : to make this world a happy place to live, you better change yourself - your heart; and not the world.

Monday, September 17, 2007

reCAPTCHA (f)or CAPTCHA


Are you human?

This is a question, many applications would ask on submitting a request to prevent automated attacks. You might've experienced entering distorted colorful text before the submission, that can be understood only by the human eye but by an automated bot. These are known as CAPTCHAs. It says that about 60 million CAPTCHAs are solved by humans around the world every day. This is millions of man-hrs wasted if you get the idea of re-CAPTCHA.

re-CAPTCHA will try to spend this effort in a useful way. Believe me, you are actually helping to digitize books. Instead of just typing some random text, which would be of no use to the mankind, you are digitizing a content of an old book, which appears a lil distorted as an image.
Interested? Pls continue...

And reCAPTCHA has a PHP library too.

Tuesday, September 11, 2007

How to export a private key from a java key store

This sample code shows how to export a private key from a Java Key store.

// Sample code taken from http://forum.java.sun.com/thread.jspa?threadID=154587&messageID=1403909
// How to export the private key from keystore?
// Does keytool not have an option to do so?
// This example use the "testkeys" file that comes with JSSE 1.0.3

*import* sun.misc.BASE64Encoder;
*import* java.security.cert.Certificate;
*import* java.security.*;
*import* java.io.File;
*import* java.io.FileInputStream;

*class* ExportPriv {
*public* *static* *void* main(String args[]) *throws* Exception{
ExportPriv myep = *new* ExportPriv();
myep.doit();
}

*public* *void* doit() *throws* Exception{

KeyStore ks = KeyStore.getInstance("JKS");
String fileName = "testkeys";

*char*[] passPhrase = "passphrase".toCharArray();
BASE64Encoder myB64 = *new* BASE64Encoder();
File certificateFile = *new* File(fileName);
ks.load(*new* FileInputStream(certificateFile), passPhrase);
KeyPair kp = getPrivateKey(ks, "duke", passPhrase);
PrivateKey privKey = kp.getPrivate();

String b64 = myB64.encode(privKey.getEncoded());

System.out.println("-----BEGIN PRIVATE KEY-----");
System.out.println(b64);
System.out.println("-----END PRIVATE KEY-----");
}

// From http://javaalmanac.com/egs/java.security/GetKeyFromKs.html

*public* KeyPair getPrivateKey(KeyStore keystore, String alias, *char*[] password) {
*try* {
// Get private key
Key key = keystore.getKey(alias, password);
*if* (key *instanceof* PrivateKey) {
// Get certificate of public key
Certificate cert = keystore.getCertificate(alias);
// Get public key
PublicKey publicKey = cert.getPublicKey();
// Return a key pair
*return* *new* KeyPair(publicKey, (PrivateKey)key);
}
} *catch* (UnrecoverableKeyException e) {
} *catch* (NoSuchAlgorithmException e) {
} *catch* (KeyStoreException e) {
}
*return* *null*;
}
}

Wednesday, September 05, 2007

WS-Policy 1.5 OUT!!!

W3C has release the version 1.5 of the Web Services Policy specification.
http://www.w3.org/TR/2007/REC-ws-policy-20070904/
WS-Policy Framework defines the behavior of a particular web service. It gives a set of assertions is specified in XML format. If interested in learning more about policy assertions click here.

Tuesday, September 04, 2007

Monday, September 03, 2007

Some Swedes can't go online...

Due to a bug in MS Vista, it said taht some Swedes can't go online.
http://www.theinquirer.net/default.aspx?article=42043

This has happened in the are of Lund, which belongs to the southern part of Sweden. Hmm... I wonder how they reacted to this... :)

DiggPicz

DigPicz to digg pics...
Check it out
http://digpicz.com/

Sunday, August 26, 2007

Selling SOA to the Business

A really interesting article discussing about marketing aspects of SOA.
http://www.infoq.com/news/2007/08/selling-soa

Wednesday, August 08, 2007

WS-Federation, wazzat?

Skimming through many resources available to understand WS-Federation, I found that following resources would be useful.
1. WSFED: Proposed Charter jump
2. Understanding WS-Federation jump
3. WS-Federation overview jump

Don't forget to read the enterprise scenario available under #2.

Thursday, August 02, 2007

WSF/PHP follows C.

Soon after the release of WSF/C 1.0, WSO2 team has released WSF/PHP 1.0, which is a PHP extension for those who need to provide/consume web services in PHP. This release includes the support for SOAP 1.0 and SOAP 1.1. Also it adds WS-Security, WS-Addressing, WS-Reliable Messaging, SOAP MTOM support. See the complete feature list here.
A good place to start WSF/PHP is the user manual. You can download and try WSF/PHP free under Apache License, Version 2.0.

Tuesday, July 24, 2007

Web Services Interop Plug-fest, Microsoft campus in Redmond, WA

Three of the WSO2 members including myself, went to Redmond, USA to participate in the MS interop-plugfest to ensure the interoperability in web services products. The event took place from 10th-July to 12th in the Microsoft's Redmond Campus. WSO2 had three products available in the bag for these testing. i.e. WSAS, WSF/C and WSF/PHP. Among many scenarios available, we selected a set of scenarios that are supported. Following is a brief description of how the testing went on for different categories of scenarios, and on areas we need to focus in the future.

Basic/Complex types:

One of the major areas we are lagging in my understanding is WSF/C's code
generation support. It is a tedious task to read WSDLs and write
clients. Especially in a time limited event like this. For some of the
WSDLs the code generated with adb support cannot be compiled. But thanks
to Milinda who was helping me a lot, we could fix these compilation
errors and test some ComplexDataType scenarios.

WS-Security:
The WS-Security scenarios associated with encryption and signature
inter-oped well with WCF/C. We had few issues in the SOAP body signing in
Rampart, but managed to fix it.

MTOM:
MTOM scenarios that WSF/C support worked well. Excluding MTOM with UTF-16 and with Security.

Relaible Messaging:
All most all the supported reliable messaging scenarios worked fine. This includes one-way and request-response(two way) scenarios.

Detailed results can be found here...

Further testing...
The biggest success we had in this event is to make MS to publish
their clients. So that we can interop with our services back in home. This would definitely allow us to debug our services and identify issues as early as possible. And also they've agreed to write a detailed document describing the usage.

Alright... In overall this is a fruitful event enabling us to identify many areas to be improved. Being the only web services framework implemented in C language, it is vital be interoperable with other products as much as possible. In fact the interoperability is a key factor of a successful web services product.
In Seattle we had a nice time. Good food, nice landscape and friendly people. One of the attractions in Seattle is this Space-needle. But coming back from US was a long trip, with delayed flights and scary bumps in turbulence. And I spent my first-ever airborne birth day above the pacific ocean.

Thursday, July 19, 2007

WSF/C 1.0 Unleashed...

Footing another step on the golden-sandy WSO2 path, firmly and timely, the WSO2 team has unleashed WSF/C 1.0 for those who need a more realistic and comprehensive experience in web services. Keeping the much acclaimed open source web services engine, Axis2/C, as the heart or the soul, WSF/C integrates many other modules that pumps WS-* specifications stack to provide security, reliability and eventing support. Thus called the Web Services Framework in C or the WSF/C in short. Find more details on WSF/C features here.
WSF/C is the ONLY framework implemented in C language that support WS-* stack today.
Just like Apache Axis2/C, all other projects that are integrated in WSF/C are Apache projects. To name few Apache Rampart/C, Sandesha2/C, Savan/C.
With the support of a worldwide community, stuffed with open source enthusiasts, these projects are getting matured and improved from release to release, in order to fulfill the web services requirements of C developers. Being a completely open sourced under Apache v 2.0 license, you can always download and try WSF/C for FREE. And even participate in future developments as a user or as a developer.

Monday, June 11, 2007

The new Replay Detection module comes with Rampart/C

Rampart/C has placed another step forward by introducing replay detection functionality for Axis2/C users. The replay detection module comes with Rampart/C and acts on behalf of services deployed, by just a matter of adding one more line in the policy configurations. If an attacker tries to Replay a message the module detects it and sends a SOAP fault back.
By default the RD(Replay Detection) module is turned OFF. All you have to do turn it ON is to add
<rampc:ReplayDetection>N</rampc:ReplayDetection>
policy assertion to your descriptor file where you've defined your policies. Here N is the number of records that must be kept in memory. Greater the value of N is, greater the chance of detecting a replay (with the cost of more memory:)).
Rampart/C keeps records of messages in a list and process them on arrival of a new message. A record is the concatenation of message id(wsa:msg-id) and the value of the timestamp.

RECORD_ID = MSG-ID+TIMESTAMP


The message ID is considered to be unique to a particular message. But for this, user needs to have the addressing module engaged(which comes with axis2/c). This is NOT a MUST but is the RECOMONDED approach. One can just survive with only the timestamp. But shouldn't forget the chance of generating two message at the same time, which definitely make them suspicious as a replay.
You may find a sample scenario here http://svn.apache.org/repos/asf/webservices/rampart/trunk/c/samples/secpolicy/scenario6
Cheers...

Sunday, May 27, 2007

A wonderful act of a friendship...

Y'day, I was in my garden near the well , giving a bath to our Doggy. Soon after finishing that I heard two noises, 'thump' 'thump'... very near to me. I saw a snake rushing away and a squirrel limping towards bushes. I managed to hold the Doggy as I saw another two squirrels stepping towards the limping one. In next few minutes I saw one of the the sweetest things in my life. A one squirrel came and helped the wounded one to climb to a coconut tree nearby. I had my second thoughts to go away and bring my camera to capture this. I was there holding our dog, seeing this wonderful act of a friendship. What a lesson ... :)

Friday, May 25, 2007

Rampart/C is now fully inter-operable with Rampart/Java and IBM's latest WSDL2 implementation. This has been proven in the WS-Policy interop held in Ottawa, Canada(May 23rd-25th).
They have published results here. (See Table 11, 12, 13, 14).
Thanks Manjula and Chinthaka for making this a success. :).
Hmm... I feel I should submit these results to folks who rejected Manjula's visa application on behalf of Canadian embassy ;) in Sri Lanka.

Thursday, May 17, 2007

WSO2 WSF/C 1.0alpha2



WSO2 WSF/C 1.0alpha2 is released now.
You may download it here...

Friday, May 11, 2007

Apache Rampart/C 0.90 is released

Apache Rampart/C 0.90 is released now.
You may download dists available here

Key features of the release are


  1. Ability to send and verify UsernameTokens with
    1. PlainText password
    2. Digested password
  2. Ability to send Timestamp tokens
  3. Policy based configurations as per WS-Security Policy
  4. SOAP message encryption
  5. SOAP message signature

Apache Rampart/C website launched

Apache Rampart/C website is now available under
http://ws.apache.org/rampart/c
The site contains instructions, news, mailing and download information that are vital to Rampart/C users.

Wednesday, May 09, 2007

Apache Axis2/C 1.0


Finally... finally... Apache Axis2/C 1.0 is released.
Due to so many changes and code improvement efforts this has been delayed for a while. But it says "Patience is the mother of a beautiful child. :) So be it.
I think we all are thankful for Samisa's effort to achieve the success we have today.

Check it out here.

Friday, April 20, 2007

Being away from traveling habits...

Looking back over the last year of my life I get this clumsy feeling for not traveling that much. This sometimes, urge me to go India and travel for a week or two. Obviously the cheapest option in hand :). Yeah.. India is a must see country.
I've got lotta experience traveling in Europe. After all it's shengan Visa and a backpack you need and you can cover twenty odd countries. But selecting few countries with different cultures would be the best. I really regret that I couldn't travel in Spain.
Since I came back to Sri Lanka I made only one trip to Texas, US. Well.. its basically for business purposes so the time to see the country wasn't that enough but we had our evening outs. And on our way back there was sometime to travel in Singapore.
The bad thing is that even the short trips we used to have few times a months dried up. Shadows of busy life has fallen in our lifes disallowing it to shine properly. Some are busy 'coz they are about to get married and some 'coz they are already married :). But start of this month I managed to gather few college folks and go canoe in Bolgoda lake. It was fun.

Friday, April 06, 2007

My

I've started uploading my photo collection to Flickr.
http://flickr.com/photos/kaushalye/
These pics I've taken from a little sony digi-cam during my travels. No optical zooms... No filters... :(
Hmm.. I feel I must buy a good camera after seeing pics in other flickr homes.
N'Joy.

Monday, March 26, 2007

Rampart/C in a new address

Rampart/C has moved out of Axis2/C is now a new project. The new address is http://svn.apache.org/repos/asf/webservices/rampart/trunk/c
This has done prior to the release of Axis2/C 1.0 and Rampart/C 0.90.

Thursday, March 22, 2007

Sign SOAP messages with Rampart/C

Rampart/C has moved another step forward by implementing the SOAP message signature. This allows users to sign different parts of a message to ensure the integrity and provide an authentication for messages exchanged via Axis2/C engine. Similar to SOAP message encryption, this also based on WS-Policy configurations.

Wednesday, January 31, 2007

A whole bunch of new features ...

We are ready to write next few chapters of Rampart/C after completing the first two phases.
The first phase of Rampart was to implement Usernametoken and TImestamps. In the second phase we supported SOAP message encryption. First two phases were successful and interoped well with the java counterpart. Meantime the OMXMLSec interoped with xmlsec. Good news ha...?
The third phase of Rampart is consisting of following steps.
1. SOAP message signature
2. SAML support
3. Security policy integration

I'm really looking forward to see these in Rampart/C. One disadvantage (well... ???)is that we have to implement everything from the scratch.For example we have to implement XML signature to support SOAP message signing, We have to implement a SAML library... but these are challenging stuff. On the other hand having own impls is much better than using a third party library. At leas t we know wht's going on...(No covers to open):)