I think our WSS4J interceptors really need to support "nonces"--IIRC
according to WS-Security w/UsernameToken profile web service calls
aren't really secure if those aren't included with the username,
password, and timestamp. I am still not sure if WSS4J supports the SAML
Token Profile, but that would also something we probably need. Having
WS-SecureConversation would not be very meaningful for either SAML or
UsernameTokens if we don't have the latter two working yet. (The other
profile--X.509--I don't know how well that is supported presently, but
if working, WS-SecureConversation then becomes sensible.)
Possibly also, an ability to support Sun's XWSS product in addition to
WSS4J (although I'm aware of the performance issues you had mentioned
earlier), a nice-to-have since Spring-WS apparently supports both.
Perhaps also WSDL 2.0?
Glen
2008-06-18 Daniel Kulp wrote:
> Now that 2.1.1 is being voted on, I'd like to step back a bit and talk
> a little about ideas for the next versions.
>
> First, most likely, we'll need to do a 2.1.2 release in about 6-8
> weeks (and maybe 2.0.8 as well). We've done a very good job of
> getting fixes out to our users in a timely manner and I'd like to keep
> that up, but I also would like to think about 2.2 a bit as well. I
> haven't created the 2.1.x fixes branch yet, but I probably will
> shortly if we start doing some new stuff toward 2.2.
>
> That said, here is my list of stuff that is "missing" and could be
> considered for 2.2:
>
> 1) WS-Trust/WS-SecurePolicy/WS-SecureConversation stuff. Not
> supporting these is becoming increasingly problematic. Most likely,
> when I get back from my paternity leave, I'm going to start digging
> into these a bit. I haven't really read up on these yet (in depth) so
> any help would be greatly appreciated.
>
> 2) XMLBeans tooling - I started this a bit for 2.1.1. 2.1.1 now will
> actually generate some interfaces for xmlbeans, but the sample clients/
> servers are wrong (don't set the jaxb databinding) and I'm not sure if
> the interfaces even work unless you use a jaxws customization to force
> everything into bare mode. Cleaning this stuff up could be a 2.1.x
> "fix" as well.
>
> 3) JIBX data binding - This is probably the last major thing not
> ported from XFire. Not sure the demand on it though.
>
> 4) Extension via annotation - Benson and I have chatted about this off
> and on. Basically, we'd like to add hooks into the
> ReflectServiceFactoryBean so that registered listeners can get events
> about when things happen. Like when an interface is mapped to a
> ServiceInfo, a method is mapped to a OperaionInfo and
> BingingOperationInfo, etc... The listeners can then examine the
> Method object or Class object or whatever for any additional things
> it's interested in at runtime. This would allow for some custom
> annotations. Examples:
> Configure some logging:
> @Logging(in = "in.log", out = "out.log", fault = "<stderr>")
> Configure and IDL location for the corba binding:
> @IDLLocation("file:/foo.idl")
> Add documentation to the wsdl:
> @WSDLAnnotation("This operation does XXX")
> etc...
> Some of the stuff in the JAX-WS frontend could then be re-written to
> use that. Processing of the @WebServiceFeature annotations and stuff
> could be re-implemented that way. The main thing here is to make
> some of the java-first things work a bit better/easier. (our own
> @Features annotation could be deprecated in favor of explicit
> annotations for the features we have)
>
> 5) OSGi stuff - I know there are some OSGi enhancements in the works
> that could be pulled in:
> a) osgi http transport - this currently lives in ServiceMix, but
> could be pulled into CXF to work with other OSGi runtimes
> b) Distributed OSGi (RFC 119) - there is work being done to
> implement RFC 119 with CXF. There are some rules about releasing the
> IP for this though that is being investigated.
>
> 6) JMS transport enhancements - I keep wanting to update this a bit to
> leverage spring jms stuff a bit better to make it much easier to
> configure.
>
> 7) JAX-RS updates - to 0.7 at least. Maybe later versions as they
> come up with them.
>
> 8) Web site update? I'd like to possibly create a quick logo and
> update the site a bit to look a bit less like confluence. This is a
> "would be nice anytime, not just for 2.2" type thing.
>
>
> I'm sure there will be a bunch of other enhancements as well. Stuff
> like performance/memory enhancements, etc...
>
> Anyway, thoughts? Other ideas? Comments?
>
>
> ---
> Daniel Kulp
> [EMAIL PROTECTED]
> http://www.dankulp.com/blog
>
>
>
>
