1 Reply Latest reply on Mar 29, 2006 2:01 PM by starksm64

    SRP with Web-Service?

    sappenin

      I've been working through the SRP example in the JBoss dev guide (http://docs.jboss.org/jbossas/jboss4guide/r1/html/ch8.chapter.html#ch8.srp.sect).

      I'm wondering if it would be possible to use SRP to authenticate a JBoss Web Services SEI? The problem I'm having when trying to think about how such a thing would happen is how the actual SRP handshaking would occur.

      One way this might happen would be (before the actual web-services SEI call) an SRP negotiation involving standard XML/SOAP messages?

      Alternatively, does/can the SRP auth happen at some lower protocol level (sort of like SSL works -- maybe at the transport layer)?

      According to the JBoss dev guide, the current JBoss SRP classes have:


      + An implementation of the SRP handshake protocol that is independent of any particular client/server protocol

      + An RMI implementation of the handshake protocol as the default client/server SRP implementation


      1.) Has anything related to SRP and web-services been created (inside or out of JBoss)?
      2.) Is this something addressed by a different technology, perhaps in the WS Security proposals?
      3.) How do the JBoss protocol-independent SRP handshake classes work? Are these just interfaces that need to be implemented?

      Any thoughts/ideas here would be appreciated...

      Thanks!

      David

        • 1. Re: SRP with Web-Service?
          starksm64

          Check out the source for the handshake. The only way this could be used with a webservice client would be a custom authenticator that did something like a DIGEST auth challenge.
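
An added illustration, not part of the thread and not JBoss code: an SRP-6a-style exchange in Python, reduced to the two request/response messages a challenge-style web-service authenticator would have to carry, with the server state held between them. The toy group, the hash layout and the names `Server`, `challenge`, `verify` and `client_login` are assumptions made for this sketch.

```python
import hashlib, hmac, secrets

# Toy group for this demo only (assumption); deploy a vetted SRP group, e.g. from RFC 5054.
N, g = 2**255 - 19, 2

def H(*parts):
    """SHA-256 over length-prefixed ints/bytes, returned as an int."""
    h = hashlib.sha256()
    for p in parts:
        b = p if isinstance(p, bytes) else p.to_bytes(32, "big")
        h.update(len(b).to_bytes(2, "big") + b)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)

def make_verifier(user, password):
    """Registration: the server stores (salt, v), never the password."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, H(salt, f"{user}:{password}".encode()), N)

class Server:
    def __init__(self, verifiers):
        self.verifiers, self.pending = verifiers, {}

    def challenge(self, user, A):        # message 1: A in, (salt, B) out
        if not 0 < A < N:
            raise ValueError("illegal A")
        salt, v = self.verifiers[user]
        b = secrets.randbelow(N - 2) + 1
        B = (k * v + pow(g, b, N)) % N
        K = H(pow(A * pow(v, H(A, B), N), b, N))
        self.pending[user] = (A, B, K)   # state held between the two calls
        return salt, B

    def verify(self, user, M1):          # message 2: client proof in, server proof out
        A, B, K = self.pending.pop(user) # one attempt per challenge
        ok = hmac.compare_digest(M1.to_bytes(32, "big"), H(A, B, K).to_bytes(32, "big"))
        return H(A, M1, K) if ok else None

def client_login(server, user, password):
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)
    salt, B = server.challenge(user, A)
    if B % N == 0:
        raise ValueError("illegal B")
    x, u = H(salt, f"{user}:{password}".encode()), H(A, B)
    K = H(pow((B - k * pow(g, x, N)) % N, a + u * x, N))
    M1 = H(A, B, K)
    M2 = server.verify(user, M1)
    return M2 is not None and M2 == H(A, M1, K)
```

The `pending` entry is the part a stateless web-service endpoint has to solve: the second message only verifies against values fixed during the first.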