1 Reply Latest reply on Mar 29, 2006 2:01 PM by Scott Stark

    SRP with Web-Service?

    sappenin Novice

      I've been working through the SRP example in the JBoss dev guide (http://docs.jboss.org/jbossas/jboss4guide/r1/html/ch8.chapter.html#ch8.srp.sect).

      I'm wondering if it would be possible to use SRP to authenticate a JBoss Web Services SEI? The problem I'm having when trying to think about how such a thing would happen is how the actual SRP handshaking would occur.

      One way this might happen would be (before the actual web-services SEI call) an SRP negotiation inolving standard XML/SOAP messages?

      Alternatively, does/can the SRP auth happen at some lower protocol level (sort of like SSL works -- maybe at the transport layer)?

      According to the JBoss dev guide, the current JBoss SRP classes have:

      + An implementation of the SRP handshake protocol that is independent of any particular client/server protocol

      + An RMI implementation of the handshake protocol as the default client/server SRP implementation

      1.) Has anything related to SRP and web-services been created (inside or out of JBoss)?
      2.) Is this something addressed by a different technology, perhaps in the WS Security proposals?
      3.) How do the JBoss protocol-independent SRP handshake classses work? Are these just interfaces that need to be implemented?

      Any thoughts/ideas here would be appreciated...