Sunday, December 30, 2007

Hiking in Mee-Muray

Mee-Muray, a village situated on the border of the Kandy and Mathale districts in Sri Lanka, was our latest hiking destination. Covered in thick, lush green and surrounded by picturesque mountains, it provides exactly what you need for a pleasant hike.
With many paths to follow and places to relax when tired, it takes at least two days to cover the area. The very steep la-ke-gala (gala = rock) and the many streams feeding the Mahaveli river are the best attractions. It is also worth exploring the calm lifestyle of the inhabitants, who live far away from busy towns and main roads (36 km to the closest town). Alternatively, you can go bird watching, bathing and hiking in the jungle. Moreover, if you have seen the movie "Sooriya Arana", which tells a very nice story about a young Buddhist monk and a child hunter, its locations are mostly in this village and the surrounding jungle.

How to go there...
Traveling from Colombo, take the Mahi-yan-gana bus, which usually takes 5 to 6 hours for the whole journey. Alternatively, you may go to Kandy and take the Mahi-yan-gana, Bibi-le, Dehi-atta-kandiya or Udu-dumbara bus. After one and a half hours of travel from Kandy, get off in Hun-nas-giriya town. From there, you have to test your luck. Usually, if there is no rain and if the driver thinks he should go to the town, there is a bus going back from Hun-nas-giriya to Mee-muray around 1 PM. Well... to be frank, it's a small van with big wheels and a driver with a great attitude. If you miss the bus, there are two alternatives. First, check with the shop owners in the city for a lorry scheduled to go to Mee-muray or somewhere close by. The second option is to bargain with the taxi (3-wheel) drivers, who are a bit reluctant to go to Mee-muray. They usually charge from 1500 to 2500 LKR for the journey, and you MUST ask them to take you to the Mee-muray temple or the school. Do not say just Mee-muray, or you will definitely end up wherever they'd like to drop you off. Alternatively, if you do not have heavy luggage and would like to depend on your feet, take the bus to Lool-watta and walk the remaining 17 km from there to Mee-muray.

More places to visit...
Having said all this, the best option is to use a 4WD vehicle. The road is not that bad, but there are certain places where you need a vehicle with good ground clearance. There are also other advantages to avoiding public transport, apart from saving time and energy. On your way to Mee-muray, the first part of the journey is through tea estates lying on high mountains, so you may get out and have a snack while looking at gorgeous valleys and mountains. You may also stop at a place called Deanston, after 7 km of travel. The area is filled with birds, butterflies and flowers. About 1.3 km from the road you can go to a mini world's end to have a good look at the 90-degree slope and the Dumbara mountains. The Garandi falls, Yahan gala rock, Mahiyangana valley and Sora-bora lake can also be seen in the distance on a less cloudy day.

What to bring...
You may buy essential food in Hun-nas-giri town or, preferably, in Kandy. Noodles, chocolates and cheese are light to carry. Also bring something to apply to get rid of leeches; we usually make a mix of salt and soap. If you plan to climb the la-ke gala rock, you'll need a strong rope too. Also bring enough clothes and blankets to face the chilly nights.

Where to stay...
The most common places to stay are the temple and the school. Sometimes a good smile and a friendly chat can get you a stay in a warm house too. Do not expect much from these poor families; they have only what they need for their survival. But they will definitely help to make your stay in the village a comfortable one. For example, on the first day we were freezing because of the cold ground and the chilly night breeze. On the second day we had some mats, thanks to an old couple living nearby.

Satisfaction...
Mostly depends on your interests. If you are up for experiencing the difference between your warm bed and the hardness of a pan-pedura (a mat), or the ear-locking silence of the night, your satisfaction is guaranteed. Also, if you are a photographer, a bird watcher or a hiking lover, you won't be disappointed. If you are none of these and would just like to see the village, it's better to reserve a room in the Deanston circuit bungalow about 30 km away and come to the village during the daytime. Alternatively, you may book a camping site in the same location. You may get a tent big enough for 12 people for about 800 LKR.


Thursday, December 20, 2007

XML User Interface Language

If you have written an extension for Mozilla, chances are you have seen a *.xul file. This file contains instructions on how the UI is organized: how the buttons and menus are added, what the layout should be, and so on.
XUL is the markup language for creating the user interfaces behind all this. Find out more about XUL in the following tutorial.
http://www.xulplanet.com/tutorials/xultu/

Friday, December 14, 2007

Encrypting SOAP messages using PHP

If you have configured WSO2 WSF/PHP in your system, it takes only a few additional lines to get your SOAP messages encrypted.
The following PHP script shows the necessary steps.
<?php
$reqPayloadString = <<<XML
<ns1:Privacy xmlns:ns1="http://privacy.abc.com/privacy"><Info>MyConfidentialInfo</Info></ns1:Privacy>
XML;

try {

    /* 1. Load the receiver's certificate and the client's private key */
    $rec_cert = ws_get_cert_from_file('your/path/to/certificate.cert');
    $pvt_key = ws_get_key_from_file('your/path/to/private_key.pem');

    /* 2. Create a new message request */
    $reqMessage = new WSMessage($reqPayloadString,
        array("to" => "http://privacy.abc.com/your/privacy_service.php",
              "action" => "http://privacy.abc.com/privacy"));

    /* 3. Create a security array to keep the security properties.
          Basic256Rsa15 = AES-256 for the data, RSA PKCS#1 v1.5 to wrap the session key. */
    $sec_array = array("encrypt" => TRUE,
                       "algorithmSuite" => "Basic256Rsa15",
                       "securityTokenReference" => "EmbeddedToken");

    /* 4. Create a policy using the security array */
    $policy = new WSPolicy(array("security" => $sec_array));

    /* 5. Create a new security token */
    $sec_token = new WSSecurityToken(array("privateKey" => $pvt_key,
                                           "receiverCertificate" => $rec_cert));

    /* 6. Create a new web service client */
    $client = new WSClient(array("useWSA" => TRUE,
                                 "policy" => $policy,
                                 "securityToken" => $sec_token));

    /* 7. Send the request */
    $resMessage = $client->request($reqMessage);

} catch (Exception $e) {
    if ($e instanceof WSFault) {
        printf("Soap Fault: %s\n", $e->Reason);
    } else {
        printf("Message = %s\n", $e->getMessage());
    }
}
?>

A complete article on this can be found here...

Wednesday, December 12, 2007

WSO2 Identity goes 1.0

Providing CardSpace authentication with an identity provider and a set of relying party components, WSO2 Identity Solution 1.0 was released yesterday. It comes at a cost of $0 under the Apache License 2.0.
So why not try now?

Sunday, December 09, 2007

Federated Sign On explained



  • Company A maintains its employee records
  • Company B provides services
  • Company A's employee, Mr. X, needs to access Company B's services
  • Company A and B form a federation
  • Company B trusts Company A's employees and allows Mr. X to access its services

In this way, Company B doesn't have to maintain records of the employees of Company A (or of A1, A2, A3...).

Also, Mr. X's privacy is guaranteed by Company A.
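
The trust decision described above, as an added sketch that is not taken from any WSO2 product. Company A vouches for Mr. X with a signed assertion, and Company B checks it against its list of federation partners instead of an employee database. The names, keys and claim fields are assumptions made for this example, and an HMAC stands in for the digital signature a real federation would use.

```python
import hashlib
import hmac
import json

# Company B's federation trust list (constructed): partner name -> verification key.
FEDERATION_KEYS = {"company-a": b"constructed-key-agreed-with-company-a"}

def issue_assertion(issuer, key, pseudonym, role, expires):
    """Company A: vouch for an employee, releasing a pseudonym and a role only."""
    claims = {"iss": issuer, "sub": pseudonym, "role": role,
              "aud": "company-b", "exp": expires}
    body = json.dumps(claims, sort_keys=True)
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}

def accept_assertion(token, now, audience="company-b"):
    """Company B: decide from the assertion alone, without an employee database."""
    try:
        raw = token["body"].encode()
        claims = json.loads(raw)
        key = FEDERATION_KEYS.get(claims["iss"])
    except (KeyError, TypeError, ValueError, AttributeError):
        return None                       # malformed token
    if key is None:
        return None                       # issuer is not a federation partner
    expected = hmac.new(key, raw, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, str(token.get("sig", "")).encode()):
        return None                       # altered, or not signed by that partner
    if claims.get("aud") != audience or claims.get("exp", 0) <= now:
        return None                       # meant for someone else, or expired
    return {"subject": claims.get("sub"), "role": claims.get("role")}

if __name__ == "__main__":
    key_a = FEDERATION_KEYS["company-a"]
    token = issue_assertion("company-a", key_a, "pseudonym-7f3a", "engineer", 2000)
    print("valid     :", accept_assertion(token, now=1000))
    print("expired   :", accept_assertion(token, now=3000))
    outsider = issue_assertion("company-z", b"other-key", "someone", "engineer", 2000)
    print("outsider  :", accept_assertion(outsider, now=1000))
```

Company B never sees more than the pseudonym and the role, which is the sense in which Company A keeps control of Mr. X's personal data in this sketch.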

Friday, December 07, 2007

Planning to secure web services?

When you plan to secure your web services, you first need to understand the exact security requirements. If you do not care about providing message-level security, you can simply use transport-layer security, for example web services over HTTPS.

If you do need to protect messages even after transit, or you have multiple intermediaries involved in the message delivery process, you need to go for message-level security.

Alternatively, you may use both together. For example, you might use transport-layer security to provide confidentiality while using message-level security for authentication purposes.

Apart from understanding the basic standards such as XML Encryption, XML Signature and key management in SOAP message security, you need to understand how to configure the security features.

The common standard for this in web services is to follow the WS-Policy and WS-SecurityPolicy specifications. These two specifications define the behavior model for web services: for example, whether a message needs to be encrypted or signed, what type of tokens are to be included in the security header, and so on. Also, a requirement for one service may not be valid for another, so defining service-specific requirements might be necessary.

Wednesday, December 05, 2007

Tuesday, December 04, 2007

MTOM attachments and SOAP message encryption

If we are to guarantee the confidentiality of SOAP messages, we have to encrypt them. For example, a SOAP body may carry information that is only for authorized parties.
But what about MTOM attachments? Is it not possible to encrypt them? Do we have to send them as they are?
The answer is NO. We must encrypt the attachment as well. For example, such attachments might carry a confidential image or a secret key in binary format.
The question arose from the way AXIOM handled attachments. To encrypt a particular node, the first step is to serialize it. But when the serialization happens, the attachment is ignored, so confidentiality is not applied to the attachment.
As a solution, we have to get the attachment as a base64-encoded string and then encrypt this whole content. This is now possible with the newly introduced axiom_node_to_string_non_optimized() function, which returns a non-optimized, base64-encoded string representation of the MTOM attachment. So whenever it is necessary to use XML encryption in OMXMLSec, the above function must be used to serialize the XML data.

The following code segment shows how to do this:

axis2_char_t *serialized_data = NULL;
oxs_buffer_t *serialized_buf = NULL;
axis2_status_t ret = AXIS2_FAILURE;

...
/* Serialize the node; the MTOM attachment is included as inline base64 */
serialized_data = axiom_node_to_string_non_optimized(node, env);
serialized_buf = oxs_buffer_create(env);
ret = oxs_buffer_populate(serialized_buf, env,
                          (unsigned char *)serialized_data,
                          axutil_strlen(serialized_data));

/* Encrypt the serialized data */
ret = oxs_xml_enc_encrypt_data(env, enc_ctx, serialized_buf, enc_type_node);
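
Why the serialization mode matters, as an added Python model that is not AXIOM or Rampart code. It encrypts the same node after optimized (XOP reference plus MIME part) and non-optimized (inline base64) serialization, then checks whether the attachment bytes are readable on the wire. The element name, Content-ID, key and toy cipher are assumptions made for this example.

```python
import base64
import hashlib

XOP_NS = "http://www.w3.org/2004/08/xop/include"

def serialize(name, attachment, optimized):
    """Return (xml_text, mime_parts) for a node that carries binary content."""
    if optimized:
        # MTOM/XOP: the binary moves to a MIME part; the XML keeps only a reference.
        cid = "photo-1@example.org"  # constructed Content-ID
        xml = f'<{name}><xop:Include xmlns:xop="{XOP_NS}" href="cid:{cid}"/></{name}>'
        return xml, {cid: attachment}
    # Non-optimized: the binary stays inside the XML as base64 text.
    return f"<{name}>{base64.b64encode(attachment).decode()}</{name}>", {}

def toy_encrypt(key, data):
    """Stand-in for XML Encryption (SHA-256 keystream XOR); not a real cipher."""
    blocks = len(data) // 32 + 1
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def wire_message(attachment, key, optimized):
    """Encrypt the serialized node, then build everything sent on the wire."""
    xml, parts = serialize("Photo", attachment, optimized)
    wire = b"<EncryptedData>" + base64.b64encode(toy_encrypt(key, xml.encode()))
    wire += b"</EncryptedData>"
    for cid, blob in parts.items():
        # MIME parts travel next to the ciphertext, outside of it.
        wire += b"\n--mime-part\nContent-ID: <" + cid.encode() + b">\n\n" + blob
    return wire

def attachment_exposed(wire, attachment):
    """True if the raw attachment bytes are readable in the wire message."""
    return attachment in wire

if __name__ == "__main__":
    secret = b"\x89PNG constructed confidential image bytes"
    for optimized in (True, False):
        wire = wire_message(secret, b"constructed-key", optimized)
        print("optimized" if optimized else "non-optimized",
              "-> attachment exposed:", attachment_exposed(wire, secret))
```

In the optimized case only the xop:Include reference ends up inside the ciphertext, which is the gap that serializing with axiom_node_to_string_non_optimized() closes.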