Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[higgins-dev] STS Platform Requirements (was: RE: Updated agenda for 5pm ET teleconf) 
higgins-dev-bounces@xxxxxxxxxxx wrote on 04/20/2006 04:57:51 PM:

> 
> >    * What Web Services stack should we use? Apache AXIS2?
> 
> You may want to consider looking into the stacks used in the WebTools 
and
> STP projects before committing here. Commonality would be nice :-)

That is the plan, however there are still questions that must be 
answered...
STP and WTP are essentially development tooling platforms that are 
reasonably independent of the runtime platform. When you generate a Web 
Service server or client using WTP, you select from a set of target 
runtime platforms, including: Apache (Tomcat: 3.2, 4.0, 4.1, 5.0, 5.5) 
Axis, BEA (WebLogic: 8.1, 9.0), IBM (WebSphere 6.0), JBoss (3.2.x, 4.0), 
ObjectWeb (JOnAS 4), and Oracle (OC4J 10.1.3). The code that is generated 
is specific to the selected target platform and the generated code does 
not rely on any Eclipse runtime component beyond the generated code.

Each of these runtime environments brings with it a lot of unnecessary 
functionality. This may become a problem if we would like this reference 
STS to be deployed on a variety of platforms such as: PDAs, Cellphones, 
SmartCards, Laptops, Desktops, Multiuser Computers, etc.

I assume we will want to support at least Linux and Windows OS platforms.

STS Server requirements would include:
        Consume RST containing arbitrary tokens supported via Plugins:
                At a minimum support:
                        UsernameToken
        Generate RSTR containing arbitrary tokens supported via Plugins:
                At a minimum support:
                        SAML 1.1
        Consume RST containing either:
                wsp:Policy element
                wsp:AppliesTo element
        Generate WS-Transfer Get, Consume GetResponse to retrieve Identity 
Attributes/Claims/Stuff from Attribute Service.
                At a minimum support those Claims supported by InfoCard.

My feeling is that the target runtime platform must provide (too much 
trouble to implement from scratch): an XML Parser and associated API, 
support for HTTP and HTTPS, support for XML Signature and XML Encryption. 
Nice to have features (could be implemented using the must have features 
if necessary) would be: support for SOAP, WS-Security, and WS-Addressing.

I am unaware of any Eclipse platform support for XML Signature and XML 
Encryption, so I guess that brings in at least something like Apache XML 
Security. Once you bring in Apache IP, you might just as well bring in 
Axis (SOAP), Addressing (WS-Addressing), and WSS4J (WS-Security). 
Theoretically, targetting Axis allows deployment on any generic Servlet 
engine.

Some questions remain:
1) Are there any other more reasonable alternatives?
2) Since the Higgins core should be designed to work with any STS and this 
STS should be designed to work with and WS-Trust client, should the 
reference STS work be done as part of the Higgins project or as a separate 
effort?
3) If this should be separate, should this be done in Eclipse or Apache?

Thank,
Mike

Back to the top