I have created an innovative proprietary J2EE/Java security framework encapsulating the SOAP 1.1, SOAP 1.2, IBM's STSUU 1.0, WS-Addressing 1.0, WS-Policy 1.2, WS-SecureConversation 1.3, WS-Security 1.0, WS-SecurityPolicy 1.2, WS-SecurityUtil 1.0, WS-Trust 1.2, WS-Trust 1.3 web service/security standards.
Exemplifying high useability, flexibility, extensibility, and portability, this security framework offers a very easy and far more flexible exposure particularly to the WS* security standards than both, the currently available open-source Higgins Identity Management framework, as well as web services frameworks such as Apache AXIS 1.x/2.x, Apache CXF 2.x etc.
The security framework integrates transparently to use the SOAP/RESTful messaging facility provided by any standard web services framework such as Apache AXIS 1.x/2.x, Apache CXF 2.x etc.
The security framework incorporates as part of the offering use of the XML Digital Signature 1.0 standard using Apache XML Security 1.4.3 implementation of the standard. Also included as part of the offering is the XACML 1.0/1.1/2.0 authorization standard using both, Apache XACMLLight 2.2, as well as Sun XACML 1.2 implementations of the standard.
I have successfully tested the security framework's integration with IBM TFIM's Security Token Service (STS) via SOAP 1.1/WS-Trust 1.2/WS-Trust 1.3/XMLDigSig 1.0. Also, successfully tested the security framework's integration with IBM WebSphere Datapower SOA Appliance (AAA policy) via SOAP 1.1/SOAP 1.2/WS*/XMLDigSig 1.0/XACML 1.0/1.1/2.0.
I believe that this represents a tremendous immediate opportunity for IBM to evaluate the feasibility of replacing current use (particularly within the IBM TFIM product offering) of the open-source Higgins Identity Management framework with my J2EE/Java security framework!
I would be happy to discuss this outcome with interested IBM parties operating in the TFIM, Datapower SOA etc. product spaces. So don't hesitate to contact me directly if you are interested in knowing more about this just-released J2EE/Java security framework.