Tuesday, September 23, 2008

XKMS features of WSO2 Web Service Application Server WSAS (WSO2 WSAS)

WSO2 Web Service Application Server (WSO2 WSAS) is an enterprise application server powered by Apache Axis2, and one of its main advantages is its rich set of built-in security features. XKMS is one of those features that works out of the box with WSO2 WSAS. Let's look at what the XKMS capabilities of WSO2 WSAS are.

XML Key Management Specification (XKMS)
WS-Security is built on top of the XML Signature and XML Encryption specifications, and those cryptographic operations are tightly integrated with public key infrastructure. For large scale web services involving a large number of parties, key management becomes a major issue and has to be dealt with at great effort. The XML Key Management Specification tries to deal with this issue by defining a standard protocol for registering, distributing and processing public keys suitable for use in conjunction with XML Signature and XML Encryption. The main objective of the XKMS specification is to define XML based trust web services for the processing and management of PKI-based cryptographic keys. Trust web services can be used to manage keys in a standard way on top of the existing web service infrastructure. This allows web services to delegate the key processing functionality to XKMS trust web services, reducing the complexity and making it more manageable. Because XKMS builds a layer of abstraction, it allows the web services to switch between different PKI solutions.

WSO2 WSAS as an XKMS trust web service

WSO2 WSAS ships with an in-built XKMS trust web service which has been built on top of the XKMS specification and consists of 5 services which can be used to simplify key management.

i) Register service
ii) Locate service
iii) Validate service
iv) Revoke service
v) Recover service
vi) Reissue service

You can configure the WSAS XKMS trust web service very easily using the WSAS web management console. Please take a look at the WSAS XKMS sample guide for information on how to use the WSAS XKMS trust web service.


WSO2 WSAS as an XKMS client

WSO2 WSAS also lets you use an external XKMS trust web service to do your key management. If you want to delegate key management to an XKMS trust web service, all you have to do is uncomment these lines in the axis2.xml that is in the conf directory of WSO2 WSAS and fill in the necessary information.

<axisconfig name="AxisJava2.0">
    <!--
    Following parameter will enable the use of specified XKMS service to
    locate, validate keys by the WS-Security provider
    -->
    <parameter name="XKMSConfig" enabled="true">
        <URL>http://xkms_server_host_name:port/services/xkms</URL>
        <PassPhrase>secret</PassPhrase>
    </parameter>
</axisconfig>


When XKMS is not enabled, the keys used for cryptographic operations are retrieved from the key stores that are associated with a service. But when XKMS is enabled, ServerCrypto, the custom crypto implementation of WSO2 WSAS, will try to retrieve the keys from the given XKMS service.
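Once key validation is delegated like this, the WS-Security provider is only as safe as its reading of the trust service's reply. The following is an added example, not code from the post or from WSO2 WSAS, showing how a client should interpret an XKMS 2.0 ValidateResult: it assumes the XKMS 2.0 message layout (namespace, ResultMajor, KeyBinding/Status) and uses a constructed reply whose Service URL is the placeholder from the axis2.xml snippet above.

```python
import xml.etree.ElementTree as ET

XKMS = "http://www.w3.org/2002/03/xkms#"
DS = "http://www.w3.org/2000/09/xmldsig#"


def sample_validate_result(status_value, reason_tag, reason):
    """Constructed XKMS 2.0 ValidateResult for testing (not a real WSAS reply)."""
    return f"""<ValidateResult xmlns="{XKMS}" Id="r1" RequestId="q1"
    Service="http://xkms_server_host_name:port/services/xkms"
    ResultMajor="{XKMS}Success">
  <KeyBinding Id="kb1">
    <ds:KeyInfo xmlns:ds="{DS}"><ds:KeyName>alice</ds:KeyName></ds:KeyInfo>
    <KeyUsage>{XKMS}Signature</KeyUsage>
    <Status StatusValue="{XKMS}{status_value}">
      <{reason_tag}>{XKMS}{reason}</{reason_tag}>
    </Status>
  </KeyBinding>
</ValidateResult>"""


def key_status(validate_result_xml, expected_request_id):
    """Return (accepted, reasons) for a ValidateResult.

    The key is accepted only when the reply belongs to our request, carries
    ResultMajor Success, and every KeyBinding reports StatusValue Valid.
    Indeterminate (e.g. revocation status unknown) and Invalid are both
    treated as untrusted, the safe default for a provider that has handed
    the trust decision to the XKMS service.
    """
    root = ET.fromstring(validate_result_xml)
    if root.tag != f"{{{XKMS}}}ValidateResult":
        return False, ["not a ValidateResult"]
    if root.get("RequestId") != expected_request_id:
        return False, ["RequestId does not match the request we sent"]
    if root.get("ResultMajor") != XKMS + "Success":
        return False, ["ResultMajor=" + str(root.get("ResultMajor"))]
    bindings = root.findall(f"{{{XKMS}}}KeyBinding")
    if not bindings:
        return False, ["no KeyBinding in reply"]
    accepted, reasons = True, []
    for binding in bindings:
        status = binding.find(f"{{{XKMS}}}Status")
        if status is None or status.get("StatusValue") != XKMS + "Valid":
            accepted = False
        # Record the reason URIs (IssuerTrust, RevocationStatus, ...) the
        # trust service reported, reduced to local names for logging.
        for reason in (list(status) if status is not None else []):
            local = reason.tag.split("}")[-1]
            reasons.append(local + ":" + (reason.text or "").split("#")[-1])
    return accepted, reasons
```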