XML and Web Services Security FCS 1.0
Release Notes

Revised: 10/1/2004


Read This Section First

Before you work with this release, make sure that you have installed the required software and are on a supported operating system. You can find this information in the Java™ Web Services Developer Pack (Java WSDP) home page and Release Notes.

What's New in This Release

The following features are new to the FCS 1.0 release of XWS-Security:

What This Release Includes

This release includes the following XML and Web Services Security (XWS-Security) features:

The XWS-Security release contents are arranged in the following structure within the Java WSDP release:

Directory Name                              Contents
<jwsdp_install_dir>/xws-security/etc        Keystore files, properties files, configuration files.
<jwsdp_install_dir>/xws-security/docs       Release documentation for the XWS-Security framework and API documentation. See also: Java Web Services Tutorial.
<jwsdp_install_dir>/xws-security/lib        JAR files used by the XWS-Security framework.
<jwsdp_install_dir>/xws-security/samples    Example code. See samples.html for details.
<jwsdp_install_dir>/xws-security/bin        Command-line tools specific to XWS-Security.

Standards and Errata to Which XWS-Security Conforms in this Release

XWS-Security FCS 1.0 conforms to the following standards and errata:

Upon Which Technologies is XWS-Security Based?

XWS-Security APIs are used for securing Web services based on JAX-RPC. This release of XWS-Security is based on nonstandard XML Digital Signature and XML Encryption APIs, which are subject to change with new revisions of the technology. As standards are defined in the Web Services Security space, these nonstandard APIs will be replaced with standards-based APIs.

JSR-105 (XML Digital Signature APIs) is also included in this release of the Java WSDP. JSR-105 is a standard API (in progress, almost at Proposed Final Draft) for generating and validating XML Signatures as specified by the W3C recommendation. Java applications and middleware that need to create or process XML Signatures should use it. It can be used by Web Services Security (which is the goal for a future release) and by non-Web Services technologies, for example, documents stored or transferred in XML. Both JSR-105 and JSR-106 (XML Digital Encryption APIs) are core XML security components.

XWS-Security does not use the JSR-105 or JSR-106 APIs because the Java standards for XML Digital Signatures and XML Encryption are currently still being defined under the Java Community Process. These Java standards are JSR-105 (XML Digital Signature APIs), which you can read at http://www.jcp.org/en/jsr/detail?id=105, and JSR-106 (XML Digital Encryption APIs), which you can read at http://www.jcp.org/en/jsr/detail?id=106.

XWS-Security uses the Apache libraries for DSig and XML-Enc. The goal for future releases of XWS-Security is to move toward the JSR-105 and JSR-106 APIs. The following diagram shows how the various technologies are stacked upon one another:

API/Implementation Stack Diagram

    JSR-105 & JSR-106 (possible in future release)

        Apache XML Security implementation (current implementation; this can easily be replaced or swapped, because the JSRs are provider-based)

            J2SE Security (JCE/JCA APIs)

The Apache XML Security project aims to provide implementations of security standards for XML. Currently the focus is on the W3C standards. More information on Apache XML Security can be viewed at: http://xml.apache.org/security/.

Java security includes the Java Cryptography Extension (JCE) and the Java Cryptography Architecture (JCA). JCE and JCA form the foundation for public key technologies in the Java platform. The JCA API specification can be viewed at http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html. The JCE documentation can be viewed at http://java.sun.com/products/jce/index-14.html.
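
The three layers in the stack diagram, exercised from the top down, as an added example that is not part of these release notes or of the XWS-Security code base. It assumes the javax.xml.crypto.dsig packages as they later shipped in Java SE 6, which may differ from the in-progress JSR-105 draft bundled with this release; the class name, sample document and throwaway key pair are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.security.*;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class Jsr105StackDemo {
    // JSR-105 layer: the factory looks up whichever provider implements the "DOM" mechanism.
    static final XMLSignatureFactory FAC = XMLSignatureFactory.getInstance("DOM");

    static void sign(Document doc, PrivateKey key) throws Exception {
        // Enveloped signature over the whole document (reference URI "").
        Reference ref = FAC.newReference("", FAC.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(
                FAC.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = FAC.newSignedInfo(
            FAC.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                (C14NMethodParameterSpec) null),
            FAC.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
        FAC.newXMLSignature(si, null).sign(new DOMSignContext(key, doc.getDocumentElement()));
    }

    static boolean verify(Document doc, PublicKey trusted) throws Exception {
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1) return false; // reject unsigned or multiply signed input
        // Validate against a key the verifier already trusts, not one carried in the message.
        DOMValidateContext ctx = new DOMValidateContext(trusted, sigs.item(0));
        return FAC.unmarshalXMLSignature(ctx).validate(ctx);
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // XML Signature processing requires namespace awareness
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(
            "<order><item>book</item></order>".getBytes("UTF-8"))); // constructed sample
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); // JCA layer, throwaway key
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        sign(doc, kp.getPrivate());
        System.out.println("provider: " + FAC.getProvider().getName());
        System.out.println("valid after signing: " + verify(doc, kp.getPublic()));
        doc.getElementsByTagName("item").item(0).setTextContent("laptop"); // alter signed content
        System.out.println("valid after change:  " + verify(doc, kp.getPublic()));
    }
}
```

The application code names only the "DOM" mechanism and standard algorithm URIs, so the implementation underneath can be replaced without touching it, which is the provider-based property the diagram refers to.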

Current Limitations

Known Issues

In this release, the XWS-Security implementation has the following known issues: