Network Deployment (Distributed operating systems), v8.0 > Develop and deploying applications > Develop web services - UDDI registry > Develop with the UDDI registry > UDDI registry client programming


Digital signatures and the UDDI registry

In UDDI v3, publishers can digitally sign UDDI elements while they are publishing. The UDDI v3 schema supports the signing of businessEntity, businessService, bindingTemplate, tModel, and publisherAssertion elements.

We can validate UDDI elements that are digitally signed to prove that they have not been modified or tampered with, and that their integrity is intact.

For full details about signing UDDI entities and verifying signatures, see Appendix I: Support for XML Digital Signatures in the UDDI v3.0.2 specification.

The UDDI registry does not validate signatures when signed elements are published. When the signed elements are retrieved, the retrieving client is responsible for validating the signature and for ensuring that the signer certificate is issued by a Certificate Authority (CA) that the client approves and trusts. If the signature verifies successfully with the signer's public key, only the owner of the corresponding private key can have signed and published the element.


Signature generation

The attributes of an element are included in the generation of an element signature. Therefore, all entity keys must be available when the signature is generated. Publishers can generate publisher-assigned keys for all the keys of an element before signing. Alternatively, if publishers publish the element without keys, the registry node generates the required entity keys and then retrieves, signs, and republishes the signed element.


Signature validation

The signature element to validate is in the top-level element that a call to the getXXDetails method returns. The client is responsible for the validation. The client must have previously imported the X.509 version 3 certificate of the publisher, and validated that certificate against the CA it trusts. In this way, the client has access to the public validation key of the publisher that corresponds to the private signing key that the publisher used to sign the entity before publishing it.

We can use the UDDI v3 Client to construct JAX-RPC objects and to invoke the UDDI v3 web service. As part of this client, you can use a helper class, com.ibm.uddi.v3.client.apilayer.xmldig.SignatureUtilities, to create and validate digital signatures on the UDDI v3 entities that support them. For details of the API in this helper class and the SignatureUtilitiesException exception, see the API information.
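The following is an added example, not code from this documentation or from the UDDI v3 Client, showing the two checks the previous paragraphs place on the retrieving client: that the ds:Signature in a retrieved element is cryptographically valid, and that the signer certificate carried in its KeyInfo chains to a CA in a trust store the client controls. It uses the standard JDK XML Digital Signature API (javax.xml.crypto.dsig) rather than the SignatureUtilities helper class, whose exact method signatures are not given on this page. The class name UddiSignatureCheck, the three command-line arguments (a file holding the XML returned by a get_xxDetail call, a JKS/PKCS12 trust store, and its password) and the choice to leave revocation checking disabled are assumptions of this example.

```java
import java.io.FileInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Example (not IBM code): verify the signature on a UDDI element returned by a get_xxDetail call. */
public class UddiSignatureCheck {

    /** Accepts the signer's public key only if its certificate chains to a CA in the client's trust store. */
    static final class TrustedCaKeySelector extends KeySelector {
        private final KeyStore trustStore;

        TrustedCaKeySelector(KeyStore trustStore) { this.trustStore = trustStore; }

        @Override
        public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose,
                                        AlgorithmMethod method, XMLCryptoContext context)
                throws KeySelectorException {
            if (keyInfo == null) throw new KeySelectorException("Signature carries no KeyInfo");
            for (Object item : keyInfo.getContent()) {
                if (!(item instanceof X509Data)) continue;
                for (Object data : ((X509Data) item).getContent()) {
                    if (!(data instanceof X509Certificate)) continue;
                    X509Certificate signer = (X509Certificate) data;
                    // The registry does not check who signed; the client must, before trusting the key.
                    validateAgainstTrustStore(signer);
                    final PublicKey key = signer.getPublicKey();
                    return () -> key;
                }
            }
            throw new KeySelectorException("No X509Certificate found in KeyInfo");
        }

        private void validateAgainstTrustStore(X509Certificate signer) throws KeySelectorException {
            try {
                // Build a one-certificate path and let PKIX chain it to a trust anchor in the store.
                CertificateFactory cf = CertificateFactory.getInstance("X.509");
                CertPath path = cf.generateCertPath(Collections.singletonList(signer));
                PKIXParameters params = new PKIXParameters(trustStore);
                params.setRevocationEnabled(false); // assumption: revocation is checked elsewhere
                CertPathValidator.getInstance("PKIX").validate(path, params);
            } catch (GeneralSecurityException e) {
                throw new KeySelectorException("Signer certificate is not trusted: " + e.getMessage());
            }
        }
    }

    /** Returns true only if the element is signed and every ds:Signature in it validates with a trusted signer. */
    public static boolean verifyElement(Element uddiElement, KeyStore trustStore) throws Exception {
        NodeList sigs = uddiElement.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() == 0) return false; // an unsigned element proves nothing about integrity
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        for (int i = 0; i < sigs.getLength(); i++) {
            DOMValidateContext ctx = new DOMValidateContext(new TrustedCaKeySelector(trustStore), sigs.item(i));
            // Reject weak algorithms and oversized transforms during validation.
            ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
            XMLSignature sig = fac.unmarshalXMLSignature(ctx);
            // validate() covers both the SignatureValue and every Reference digest.
            if (!sig.validate(ctx)) return false;
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        // args: <signed-element.xml> <truststore> <truststore-password>  (assumed layout)
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[1])) {
            trustStore.load(in, args[2].toCharArray());
        }
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required: ds:Signature is located by namespace
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD/XXE
        Document doc = dbf.newDocumentBuilder().parse(args[0]);
        boolean ok = verifyElement(doc.getDocumentElement(), trustStore);
        System.out.println(ok ? "signature valid, signer trusted" : "signature NOT valid");
    }
}
```

The key point is in the KeySelector: a successful XML-DSig core validation only proves the data matches the public key inside the message, and an attacker can embed any key they like. Trust is established only when that key's certificate is chained to a CA the client chose to import, which is the step the registry leaves to the client.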

For UDDI, digital signatures are used to sign the data. They are not used to authenticate the SOAP message.


Related


UDDI v3 Client
Additional Application Programming Interfaces (APIs)
UDDI v3.0 Specification
