【正文】 offered many choices for implementers and users. Partly this was by design. Other cases are due to oversights in the standards: Expected behaviors were not specified in enough detail, so implementers had to guess what needed to be done. The problem with too many choices is that implementers lack the resources to test all the possible binations fully, so the web services stacks support some sets of choices well, others poorly, and still others not at all. This situation creates major problems for interoperability, because there39。ll first learn more about the issues of security interoperability among web services stacks. Then you see how the Axis2, Metro, and CXF pare on several measures of correctness and usability, based on my research for the last dozen or so articles of this series. Security interoperability Security standards provide far too many binations of options for prehensive testing. Many of the standards supply little in the way of examples, and nothing in terms of test suites, so conformance to the standard is often a matter 年級(jí) 2021 級(jí) 專業(yè) 軟件工程 學(xué)號(hào) 312021080611322 姓名 周進(jìn) 2 of opinion and conjecture. As a result, stacks that claim to support a particular standard rarely do any extensive verification of their support. Instead of trying to test against the standard, each stack uses a limited number of security configurations for its own testing, along with an even more limited number of configurations in interoperability tests with other stacks. Other than that, the developers for each stack respond to bug reports from users encountering security configuration or interoperability issues. This limited testing for a plex set of standards means you39。s role in enterprise puting. In this series of articles, XML and web services consultant Dennis Sosnoski covers the major frameworks and technologies that are important to Java developers using web services. Follow the series to stay informed of the latest developments in the field and aware of how you can use them to aid your programming projects. One important area of difference relates to the pleteness and correctness of the security implementations. WSSecurity and WSSecurityPolicy allow many variations of security configurations, including different types of keys and certificates, algorithm suites, security tokens, and signing/encrypting specifications. WSTrust and WSSecureConversation expand the number of options even further. With so many possible configurations, no web services stack can possibly test them all. Even testing each possible option value in isolation is difficult, and most stacks don39。 畢業(yè)設(shè)計(jì)（論文） 英文翻譯 年級(jí)專業(yè) : 2021 級(jí)軟件工程 姓名 : 學(xué)號(hào) : 312021080611322 指導(dǎo)教師 : 年級(jí) 2021 級(jí) 專業(yè) 軟件工程 學(xué)號(hào) 312021080611322 姓名 周進(jìn) 1 Java web services: The state of web service security All major web services stacks provide some level of suppor t for WSSecurity and related web services security standards. The three open source stacks I39。ve covered in this series — Apache Axis2, Sun/Oracle Metro, and Apache CXF — all provide a fairly high level of support for these standards. But their support differs significantly in many ways, including both the security operation and how the stacks are configured with runtime security parameters. About this series Web services are a crucial part of Java technology39。t try. In this article, you39。ll often encounter problems if you try anything that39。s no guarantee that different stacks support the same choices. Choice overload was such a problem in the early years of SOAP that an industrywide group was created for the specific purpose of limiting the number of possible configurations by defining best practices approaches. This group, the Web Services Interoperability Organization (WSI), produced a number of profiles requiring particular choices to be used or avoided (seeResources). Through these profiles, WSI has had a major influence in shaping the current third generation of web services stacks. Security is one of the areas WSI has covered in profiles. The WSI Basic 年級(jí) 2021 級(jí) 專業(yè) 軟件工程 學(xué)號(hào) 312021080611322 姓名 周進(jìn) 3 Security Profile Version (referred to as BSP ) is the current main document in the security area. This document includes a wide range of requirements, but in keeping with the focus of WSI, most of these requirements deal with web services stack implementations rather than enduser security configurations. BSP does not deal with WSSecurity configuration in WSSecurityPolicy at all, but a few of its requirements can be translated into WSSecurityPolicy terms. When you use digital signatures, BSP requires you to follow the W3C Exclusive Canonicalization Remendation, an XML canonicalization algorithm that ignores ments and unnecessary context information (see Resources). This algorithm is the default assumed by WSSecurityPolicy in the absence of any choice, so all you need to do to meet this requirement is not specify a different canonicalization algorithm (such as sp:InclusiveC14N). BSP al