Welcome to Apache Rampart/C

Apache Rampart/C is the security module for Apache Axis2/C. It features in many ways to protect SOAP messages exchanged. This includes SOAP message encryption and signature as specified in WS-Security Specification. In addition Apache Rampart/C configurations are based on security policy assertions as per WS-Security Policy specificatoin

Why Apache Rampart/C ?

In distributed computing, web services play a crucial role. But as many distributed systems web services are also vulnerable for security threats. Developers are always struggling to ensure the integrity, confidentiality of messages. Implementing the right security solution can be an expensive and time consuming task. Rampart/C makes the life easier for those who uses Axis2/C, by providing a configurable security module, which protect SOAP messages from such threats.

Latest Release

27th May 2009 - Apache Rampart/C Version 1.3.0 Released

Key Features

1. Ability to send and verify UsernameTokens with
   • Username and PlainText password
   • Username and Digested password
2. Ability to send Timestamp tokens
3. SOAP message encryption
   • With derived key support for improved security
   • Symmetric and Asymmetric modes of operations
   • Support for AES and Tripple DES encryption
   • Signature encryption
   • Keys encryption
4. SOAP message signature
   • XML signature with RSA-SHA1
   • Message authentication with HMAC-SHA1
   • Signature confirmation support
   • SOAP Header signing
5. WS-Security Policy (spec 1.1 and spec 1.2) based configurations
   • Support for both Symmetric as well as Asymmetric policy bindings
   • Support for different modes of key identifiers
   • Support for different algorithm suites
     [Basic128, Basic 192, Basic256, TrippleDES, Basic128Rsa15, Basic192Rsa15,Basic256Rsa15, TripleDesRsa15]
   • Support for IssuedToken assertion in client side
   • Support for SAMLToken assertion
6. Replay detection support
   • Easy to use built-in replay detection module
   • Ability to deploy a customized replay detection module
7. Different protection orders
   • Encrypt before signing
   • Sign before encrypting
8. Extensible modules
   • Password callback module
   • Authentication module
   • Credentials module
   • Replay detection module
   • Secure conversation token module
9. Keys management
   • Support for X509 token profile
   • Support for Key identifiers, Thumb prints, Issuer/Serial pairs, Embedded and Direct references
   • Support for PKCS12 keystore
10. WS-Secure Conversation Language support
    • Establishing Security Context and thereby maintaining a session
    • Per message key derivation
    • Support for stored securtiy context token
    • Rahas module support to give STS functionality to a service
11. WS-Trust Language support
    • Security Token Services (STS)
    • STS Client
    • Server and Client entrophy support
12. SAML Support
    • Support for Creation and Processing of SAML Core 1.1 Assertion
    • SAML Token as Sign Supporting Token
    • Signing and Encryption with SAML
13. Other
    • Easy to use deployment scripts
    • A comprehensive set of samples

Major Changes Since Last Release

1. WS-Secure Conversation Language support
2. WS-Trust Language support
3. Rahas module to give STS support to a service
4. PKCS12 Keystore support
5. Security Policy 1.2 support
6. Memory leak fixes
7. Many bug fixes

Archived News

News on previous Rampart/C releases.