| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
| "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| <html xmlns="http://www.w3.org/1999/xhtml"> |
| <head> |
| <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> |
| <link rel="stylesheet" href="../style/bootstrap-1-3-0-min.css" type="text/css" /> |
| <link rel="stylesheet" href="../style/style.css" type="text/css" /> |
| <title>Streaming-WebService-Security-Framework (swssf) Codebase Intellectual Property (IP) Clearance Status - Apache Incubator</title> |
| |
| </head> |
| <body> |
| <div class="container"> |
| <div class="row"> |
| <div class="span12"> |
| <a href="http://www.apache.org/"><img src="http://incubator.apache.org/images/asf_logo_wide_small.png" alt="The Apache Software Foundation" border="0" style="margin-top: 2px" width="62%"/></a> |
| </div> |
| <div class="span4"> |
| <a href="http://incubator.apache.org/"><img src="../images/egg-logo2.png" alt="Apache Incubator" border="0"/></a> |
| </div> |
| </div> |
| <div class="row"><div class="span16"><hr noshade="noshade" size="1"/></div></div> |
| |
| <div class="row"> |
| |
| <div class="span12"> |
| <h2 id='Streaming-WebService-Security-Framework+(swssf)+Codebase+Intellectual+Property+%28IP%29+Clearance+Status'><img src="../images/redarrow.gif" />Streaming-WebService-Security-Framework (swssf) Codebase Intellectual Property (IP) Clearance Status</h2> |
| <div class="section-content"> |
| </div> |
| <h2 id='Description'><img src="../images/redarrow.gif" />Description</h2> |
| <div class="section-content"> |
| <p> |
| In order to use WS-Security, the DOM processing model is typically applied. |
| For further processing, the XML document must be fully read into an object tree by |
| the DOM parser. The whole object tree is held in memory during processing, which requires |
| a lot of processor and memory resources. If an attacker sends over-sized SOAP documents, this can lead |
| to a Denial-of-Service (DoS) attack. For encrypted documents the memory consumption is even higher. |
| First, the entire SOAP message must be read into memory; only then can the decryption be performed. |
| The decrypted XML part must then be read into an object tree again. At this point, both the encrypted and the decrypted |
| XML parts are present in memory. Afterwards the encrypted XML part can be replaced with the decrypted one. |
| </p> |
| <p> |
| WS-Security provides integrity, authenticity and confidentiality at the message level. But which parts of |
| the SOAP message must be secured and how is not defined in the WS-Security standard. What are the |
| requirements for a SOAP client to access a Web Service successfully? Must the entire SOAP body be encrypted? |
| Is a timestamp expected? Must the message be signed? Which keys must be used and in which format are they |
| expected? In order to express such requirements, the WS-SecurityPolicy standard was introduced. |
| </p> |
| <p> |
| If WS-SecurityPolicy is applied in a DOM environment and the client sends a message which does not |
| correspond to the policy, a lot of computer resources are again wasted unnecessarily. The DOM parser fully |
| reads the message into memory, the WS-Security framework processes the document using the security header, |
| and only at the end does the WS-SecurityPolicy framework notice that the document was not protected as the policy demanded. |
| </p> |
| <p> |
| This work presents a streaming-based WebService-Security-Framework with the ability to process large SOAP |
| documents efficiently. The streaming-based processing of the messages is done via the StAX-API. With the |
| streaming-oriented approach it is possible to gradually read and process the messages without keeping the |
| entire message in the memory. If it is not possible to process the message, for example because the used keys |
| are not known, the process can be aborted immediately. |
| </p> |
| <p> |
| The integration of WS-SecurityPolicy makes it possible to achieve the desired "fail-fast" behavior, |
| because policy-relevant events can and will be evaluated immediately. |
| </p> |
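| <p> |
| The fail-fast behavior described above, as an added example (not code from swssf or WSS4J): a StAX reader |
| enforces a toy policy, assumed here to be "a wsu:Timestamp and a ds:Signature must appear inside wsse:Security", |
| and rejects a non-conforming message at the Body start tag, before any body content is parsed. |
| The class name, the policy and the sample messages are constructed for illustration; Java 11 or later is assumed. |
| </p> |

```java
import java.io.StringReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class FailFastPolicyCheck {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-";
    static final String WSSE = WSS + "secext-1.0.xsd", WSU = WSS + "utility-1.0.xsd";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    // Returns the number of StAX events read before the message was accepted;
    // throws at the first point where the (assumed) policy can no longer be met.
    static int check(String xml) throws XMLStreamException {
        XMLInputFactory f = XMLInputFactory.newInstance();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false); // no DTDs, so no entity expansion
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        XMLStreamReader r = f.createXMLStreamReader(new StringReader(xml));
        boolean inSecurity = false, timestamp = false, signature = false;
        for (int events = 1; r.hasNext(); events++) {
            int ev = r.next();
            if (ev != XMLStreamConstants.START_ELEMENT && ev != XMLStreamConstants.END_ELEMENT) continue;
            String ns = r.getNamespaceURI(), name = r.getLocalName();
            boolean start = ev == XMLStreamConstants.START_ELEMENT;
            if (WSSE.equals(ns) && "Security".equals(name)) inSecurity = start;
            else if (start && inSecurity && WSU.equals(ns) && "Timestamp".equals(name)) timestamp = true;
            else if (start && inSecurity && DS.equals(ns) && "Signature".equals(name)) signature = true;
            else if (start && SOAP.equals(ns) && "Body".equals(name)) {
                // Decision point: everything the policy needs precedes the Body.
                if (!timestamp || !signature)
                    throw new XMLStreamException("policy violation at Body, after " + events + " events");
                return events; // presence check only; a real framework verifies the signature
            }
        }
        throw new XMLStreamException("no SOAP Body found");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages with a 1 MB body payload.
        String env = "<s:Envelope xmlns:s='" + SOAP + "' xmlns:wsse='" + WSSE
                + "' xmlns:wsu='" + WSU + "' xmlns:ds='" + DS + "'>";
        String body = "<s:Body><data>" + "x".repeat(1_000_000) + "</data></s:Body></s:Envelope>";
        String ok = env + "<s:Header><wsse:Security><wsu:Timestamp/><ds:Signature/>"
                + "</wsse:Security></s:Header>" + body;
        String bad = env + "<s:Header/>" + body;
        System.out.println("accepted after " + check(ok) + " events");
        try { check(bad); } catch (XMLStreamException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```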
| <p> |
| I, Marc Giger &lt;gigerstyle@gmx.ch&gt;, contribute/donate my Streaming-WebService-Security-Framework (swssf) to |
| the WSS4J project. A part of this work (encryption, decryption and policy verification) was developed for |
| my master's thesis in Applied IT Security. The swssf codebase consists of about 26396 lines of Java code and |
| additionally about 9263 lines of test code (526 tests). |
| </p> |
| <p> |
| The contributed code is attached to issue WSS-311. |
| </p> |
| </div> |
| <h2 id='Project+info'><img src="../images/redarrow.gif" />Project info</h2> |
| <div class="section-content"> |
| <ul> |
| <li>Which PMC will be responsible for the code: Apache Web Services</li> |
| </ul> |
| <ul> |
| <li>Into which existing project/module: WSS4J</li> |
| </ul> |
| <ul> |
| <li>Officer or member managing donation: Daniel Kulp</li> |
| </ul> |
| <p> |
| <em>Completed tasks are shown by the completion date (YYYY-MM-dd).</em> |
| </p> |
| <h3 id='Identify+the+codebase'>Identify the codebase</h3> |
| <div class="section-content"> |
| <table class="colortable" width="100%"> |
| <tr> |
| <th>date</th> |
| <th>item</th> |
| </tr> |
| <tr> |
| <td>2011-08-23</td> |
| <td>If applicable, make sure that any associated name does not |
| already exist and is not already trademarked for an existing software |
| product.<br /> |
| The framework will be integrated into WSS4J-2 and most probably renamed accordingly</td> |
| </tr> |
| </table> |
| <p> |
| MD5 or SHA1 sum for donated software: The svn dump is attached to https://issues.apache.org/jira/browse/WSS-311 |
| and has an md5 of 9cd87d1ae47029f37fc4e30f7c185ebd and is digitally signed by the original author with a signature of: |
| </p> |
| <h4 id='Copyright'>Copyright</h4> |
| <div class="section-content"> |
| <table class="colortable" width="100%"> |
| <tr> |
| <th>date</th> |
| <th>item</th> |
| </tr> |
| <tr> |
| <td>2011-08-29</td> |
| <td>Check and make sure that the papers that transfer rights to |
| the ASF have been received. It is only necessary to transfer |
| rights for the package, the core code, and any new code |
| produced by the project.</td> |
| </tr> |
| <tr> |
| <td>2011-08-24</td> |
| <td>Check and make sure that the files that have been donated |
| have been updated to reflect the new ASF copyright.</td> |
| </tr> |
| </table> |
| <p> |
| Identify name recorded for software grant: <em>the name of the grant as recorded |
| in the grants.txt document so that the grant can be easily identified</em> |
| </p> |
| </div> |
| <h4 id='Verify+distribution+rights'>Verify distribution rights</h4> |
| <div class="section-content"> |
| <p> |
| Corporations and individuals holding existing distribution rights: Marc Giger |
| </p> |
| <ul> |
| <li> |
| <em>For individuals, use the name as recorded on the committers page</em> |
| </li> |
| </ul> |
| <table class="colortable" width="100%"> |
| <tr> |
| <th>date</th> |
| <th>item</th> |
| </tr> |
| <tr> |
| <td>2011-08-23</td> |
| <td>Check that all active committers have a signed CLA on |
| record.</td> |
| </tr> |
| <tr> |
| <td>2011-08-23</td> |
| <td>Remind active committers that they are responsible for |
| ensuring that a Corporate CLA is recorded if such is |
| required to authorize their contributions under their |
| individual CLA.</td> |
| </tr> |
| <tr> |
| <td>2011-08-23</td> |
| <td>Check and make sure that for all items included with the |
| distribution that are not under the Apache license, we have |
| the right to combine with Apache-licensed code and |
| redistribute.</td> |
| </tr> |
| <tr> |
| <td>2011-08-23</td> |
| <td>Check and make sure that all items depended upon by the |
| project are covered by one or more of the following approved |
| licenses: Apache, BSD, Artistic, MIT/X, MIT/W3C, MPL 1.1, or |
| something with essentially the same terms.</td> |
| </tr> |
| </table> |
| <p>Generally, the result of checking off these items will be a |
| Software Grant, CLA, and Corporate CLA for ASF licensed code, |
| which must have no dependencies upon items whose licenses |
| are incompatible with the Apache License.</p> |
| </div> |
| </div> |
| <h3 id='Organizational+acceptance+of+responsibility+for+the+project'>Organizational acceptance of responsibility for the project</h3> |
| <div class="section-content"> |
| <p> |
| Related VOTEs: |
| </p> |
| <ul> |
| <li><a href="https://mail-search.apache.org/members/private-arch/ws-private/201108.mbox/%3C8221192.ACzd2zs93s@dilbert.dankulp.com%3E">Vote thread on the WebServices PMC</a> (private list, ASF members only)</li> |
| </ul> |
| </div> |
| </div> |
| </div> |
| </div> |
| |
| <div class="row"><div class="span16"><hr noshade="noshade" size="1"/></div></div> |
| <div class="row"> |
| <div class="span16 footer"> |
| Copyright © 2009-2016 The Apache Software Foundation<br /> |
| Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.<br/> |
| Apache Incubator, Apache, the Apache feather logo, and the Apache Incubator project logo are trademarks of The Apache Software Foundation. |
| |
| |
| </div> |
| </div> |
| </div> |
| </body> |
| </html> |