Cardspace authenitcation with Identity Solution

WSO2 Identity solution 1.5 has been released. The new version supports SAML 2.0, which is a very handy feature to have.
Check more details about the release here.
You can also listen to this podcast by Prabath Siriwardena

C web services : A locus for demos

It's now possible to try out some of the samples/demos written using the WSO2 WSF/C. This page contains the downloadable archives, source codes and documentations. You can view, rate and try these samples and publish your own ones too. If you are interested in developing such demos, please drop an email to wsf-c-dev@wso2.org.
Right now we have an amazonclient, which can be used to do on-line transactions with Amazon E-commerce Service, a windows shell extension (aka FlickrPal), which can be used to upload you images to Flickr and a store client and manufacturing server to demo, how to address a typical business problem using WSO2 WSF/C.

Writing a secure client in Ruby

WSF/Ruby provides an easy to use API to consume and deploy web services. Adding the Apache Rampart/C features, it also provides SOAP message confidentiality, integrity and authentication.
In the following four easy steps we will show how to write a secure client using WSF/Ruby.

1. Create the policy. Here we need to encrypt using the Basic256Rsa15 algorithm suite and the relavent key information should be identified using the Issuer name and the serial number of the certificate

      
       policy_content = {"encrypt"=> true,
                     "algorithm_suite" => "Basic256Rsa15",
                     "security_token_reference" => "IssuerSerial"}
       policy = WSPolicy.new({"security" => policy_content}

2. Create the security token. Note that the private keys and certificates need to be loaded

  
   security_options = {"private_key" => pvt_key,
                       "receiver_certificate" => rec_cert}
   security_token = WSSecurityToken.new(security_options)

3. Create options for policy and security token. Here the use_wsa=true means that the clinet MUST include WS Addressing header in the message.

  
   options = {"use_wsa" => true,
              "policy" => policy,
              "security_token" => security_token}

4. Request from the service. For this we need to create the client.

  
    client = WSClient.new(options, LOG_FILE)
    res_message = client.request(payload)

The complete source code is as follows.

  
require 'wsf'
require 'rexml/document'

include WSO2::WSF
include WSO2::Util

#This is your pay load
req_payload = << XML
Hello World!
XML

begin
   LOG_FILE = "security_sample.log"
   ACTION = "http://php.axis2.org/samples/echoString"
   END_POINT = "http://localhost:3000/encryption/encryption"

   message_properties = {"to" => END_POINT,
                         "action" => ACTION}

   #Load certificates and keys from the disk
   rec_cert = WSUtil::ws_get_cert_from_file("../keys/bob_cert.cert")
   pvt_key = WSUtil::ws_get_key_from_file("../keys/alice_key.pem")
 
  #The payload or the body of the SOAP message
   payload = WSMessage.new(req_payload,
                           nil,
                           message_properties)

    #Create the security policy
   policy_content = {"encrypt"=> true,
                     "algorithm_suite" => "Basic256Rsa15",
                     "security_token_reference" => "IssuerSerial"}

   policy = WSPolicy.new({"security" => policy_content})

    #Create the security token
   security_options = {"private_key" => pvt_key,
                       "receiver_certificate" => rec_cert}
 
   security_token = WSSecurityToken.new(security_options)

    #Create option for the client
   options = {"use_wsa" => true,
              "policy" => policy,
              "security_token" => security_token}
  
    #Create a client instance
   client = WSClient.new(options, LOG_FILE)

    #Request
   res_message = client.request(payload)

   if not res_message.nil? then
      puts "Received OM: "<< "\n" << res_message.payload_to_s << "\n\n"
      puts "Client invocation SUCCESSFUL !!!"
   else
      puts "Client invocation FAILED !!!"
   end

#If SOAP fault, print the details
rescue WSFault => wsfault
   puts "Client invocation FAILED !!!\n"
   puts "WSFault : "
   puts wsfault.xml
   puts "----------"
   puts wsfault.code
   puts "----------"
   puts wsfault.reason
   puts "----------"
   puts wsfault.role
   puts "----------"
   puts wsfault.detail
   puts "----------"

rescue => exception
   puts "Client invocation FAILED !!!\n"
   puts "Exception : " << exception
end

More security samples can be found here...

WSF/PHP : Creating Business-Conscious IT Solutions

In this article I have shown how to address a typical business communication scenario using WSF/PHP. It also discusses the importance of the message level security and shown how exactly those will be used in a scenario like this. The complete source code is available here.

What's beyond C web services?

Recently I started adding entries to the C web services blog. Doing so, I must state that C web services are not only limited to the C language itself, but also a basis for other programming languages. So far this has become a reality for PHP, Perl, Ruby and C++. Other scripting languages such as python to be added to the list in the future. The reason behind this successful pumping of array of frameworks to the community is the solid WSF/C, which is a web services framework written in C language. The framework allows you to consume and deploy web services easily and securely. WSF/C integrates the famous Axis2/C engine with implementations of various WS-* standards such as WS-Security, WS-RM, WS-Addressing and WS-Policy.
So why not conquer the web services beyond the C territory. :)
Click on and image to go to the respective project home pages.

Product of the year 2007 - GOLD - To WSO2 WSAS

Being awarded to WSO2 WSAS (Data Services).

Congratulations folks !!!
You deserve it.
--More--

Username and passowrd is not enough

If you are planning to steal a username and the password of your colleague, you'd better check this out. If he is clever enough to use key stroke dynamics with the GDM (Gnome Display Manager), you'll have to watch and practice a lot how he types them.
By modifying the GDM it is possible to store an encrypted hash of your key stroke pattern. This pattern will be verified using the key stroke dynamics in the next time you log in. Following article will show how to modify the GDM.

Identify and verify users based on how they type

Open source will quietly take over

Read a nice article about the Open Source and it's future. Here are few lines from it.

...Users who reject open source for technical, legal or business reasons might find themselves unintentionally using open source despite their opposition...

..."Much of the availability, management and DBMS licensing costs will remain proprietary," says the report, and "version control and incompatibilities will continue to plague open-source OSs and associated middleware"...

...Open source gives massive scalability at no transaction cost, for whatever you are doing...

The full article is here...

A collection of PHP demos

Wanna try out some samples in PHP web services?
Try out this collection of demos.
You can try, download, rate samples and view the source code to get an idea what you can do with web services in PHP language. The demos here are developed with WSO2 Web Services Framework for PHP (WSF/PHP).

Spring the WSF/*

Adding yet another member to the WSF family WSO2 has announced the release of WSF/Spring 1.0.
Similar to other WSF products, this too is released under the Apache license 2.0. Now the spring users would be able to expose web services using the famous Apache Axis2/Java engine. The framework is also powered by the WS-* of implementations including WS-Security, WS-SecurityPolicy, WS-Policy, WS-Addressing, WS-ReliableMessaging and WS-Eventing. Here you will find a quick start guide.