We have decided to release the source code for our WS-Security (Kerberos, Username) and our TIP transaction implementations under a BSD-style license before the end of this week.
This means that you will be able to incorporate the code into your own commercial projects free of charge, extend it and play around with it as you wish.
newtelligence believes that it is too early in the development cycle of WS-Security to maintain a proprietary implementation (at least not one by us) and it will benefit the Web Services community to make these .NET implementations available.
As far as we know, our security package has the first public WS-Security implementation with Kerberos support and we think that Kerberos is so essential for achieving single sign-on, secure Web services in a distributed world that we want to share this code to (a) underline our position and (b) to get the ball rolling.
The implementation is not perfect or complete and there are indeed things that the WS-Security spec calls for that cannot be implemented using the Windows 2000/XP Kerberos SSP as it is today. Signature is entirely absent, because the Kerberos SSP doesn't expose the session key (which is required for the sigature as per WS-Security) and the Kerberos SSP's encryption algorithm isn't well-known in XML Encryption. Still, the code is implemented in line with the MS guidelines for GSSAPI (MIT Kerberos) interoperability, so that there is at least hope to get this stuff to interoperate with Unix-based implementations - figuring this out is one thing that we hope to be able to accomplish with your help.
We will post the code to our website as soon as we get the licensing right and have updated the projects accordingly and will inform you again once the code is available.
[ 12-07-2002, 18:42: Message edited by: NiMS ]
-------------------- People are like pieces of a puzzle. We all fit together, but not all of us connect. Berichten: 6985 | Plaats: Zeist | Geregistreerd: Jul 2002
|
geplaatst
Note from nims: I have offered to be a code mirror. Keep this thread in mind, to be updated....
-------------------- People are like pieces of a puzzle. We all fit together, but not all of us connect. Berichten: 6985 | Plaats: Zeist | Geregistreerd: Jul 2002
|
newtelligence Announces Source Code Release For WS-Security & Kerberos For ASP.NET ---------------------------------------------------------------------------------- KORSCHENBROICH, Germany -- July 11, 2002 -- newtelligence, an XML Web Services "Think Tank" and developer services firm based in Korschenbroich (Düsseldorf), Germany, has released the first public implementation of the essential Web Services security protocol WS-Security for Microsoft's ASP.NET web services platform today - for free, including source code, and under a BSD-style license, available from http://www.newtelligence.com/wsextensions The "newtelligence Web Service Security Extensions" support distributed authentication and single sign-on with Kerberos as well as cleartext authentication against Windows domains. Along with the release of the WS-Security toolkit, newtelligence has also released the source code for the "newtelligence Web Service Transaction Extensions", another extension module for ASP.NET, which enables two phase transactions in Intranet environments using the Transaction Internet Protocol (TIP). This release is also free and provided under a BSD-style license. The full toolkit is complimented by two additional extension modules, offered under a different license, which provide enhanced Web Service Management and Session Management capabilities for ASP.NET. "Our company mission is helping developers", newtelligence CTO and MSDN Regional Director (Germany) Clemens Vasters says about the release, "and we are have been talking to many developers and architects about Web Services in recent months. What we kept hearing is that they want security, transactions, manageability and sessions. The WS-Security implementation that we have released today has been around in our labs for quite a while now and we weren't sure what to do with it. The conclusion that we finally reached is that it doesn't make sense to hang on to a proprietary solution for this key standard for a company of our size and so we decided to open it up for everybody." On newtelligence's goals behind this release, Vasters continued: "We are not an open source company. We are really not a software company, at all. We are analysts and educators and we drill down into other people's things to help yet other people to understand them better. We just happen to be somewhat decent developers at the same time. So, what's our goals here? We firmly believe that WS-Security is the way for Web Service security. We also believe that distributed authentication on an Internet scale must work. IBM and Microsoft have done a great job defining these things. Combining WS-Security and Kerberos in the way they did it is the right path. Still, this is a nascent standard and they are issues with it. Our goal is to provide developers with a tool to work with that demonstrates that WS-Security is not a paper tiger. Our goal is to give them something they can use to become familiar with Kerberos and also the difficulties of getting things to run in their Intranet or even on the Internet. Our goal is to get something out there that helps the Web Services community find out about the challenges of distributed authentication." Bart DePetrillo, Business Development Director and future CEO of newtelligence added: "We could have made this an actual product. People who had evaluated the kit earlier were asking us to make these things available commercially. We don't think it would be right. The standards are not finialized and still in very early stages. It's not our intent to compete with Microsoft or IBM on implementation. Eventually, both will come out with bigger, faster and better things - and this is what everyone, including us, expects. What we are doing here is just to deliver a stepping stone and something to get the ball rolling."
newtelligence AG -- Founded in 2000, newtelligence AG is an XML Web Services "Think Tank" and developer services company, based in Korschenbroich (near Düsseldorf), Germany. newtelligence offers training content development, white papers and custom training workshops for the Microsoft .NET Framework, XML Web Services and BizTalk Server. Corporate Web site: http://www.newtelligence.com Press Contact: Bart A. DePetrillo, bartd@newtelligence.com, +49-2161-40260-0 (9am-6pm CET)
-------------------- People are like pieces of a puzzle. We all fit together, but not all of us connect. Berichten: 6985 | Plaats: Zeist | Geregistreerd: Jul 2002
|
-------------------- People are like pieces of a puzzle. We all fit together, but not all of us connect. Berichten: 6985 | Plaats: Zeist | Geregistreerd: Jul 2002
|