Based on feedback received, this change is problematic:

•  SOAP 1.2 is no longer supported

This is because the WSDL shipped with ESCI is SOAP 1.1. Services implemented using SOAP 1.2 reject calls.

• DIGEST authentication is no longer supported

The recommended deployment is to use BASIC authentication over https, so I'm not sure that the lack of DIGEST authentication is a big issue.

.NET implementations can be configured to use SOAP 1.1, according to: http://blogs.msdn.com/b/kaevans/archive/2005/11/10/491640.aspx

So the options are:

1. keep the change.

Implementations must support SOAP 1.1, and use BASIC authentication with https.

2. revert the change and require that WSDL be unsecured

DIGEST authentication would not be supported

3. revert the change. Multiple deployments of OpenVPMS with ESCI aren't supported [1]

4. revert the change, and change the JAX-WS implementation to Apache CXF which allegedly supports DIGEST

This still uses java.net.Authenticator, so Apache CXF would need to be deployed in Tomcat's shared class loader in order to support multiple OpenVPMS installations. Different versions of Apache CXF would not be supported.

5. Change ESCI to support SOAP 1.2.

Services have to support SOAP 1.2, and DIGEST is unsupported.

At this stage, I'm looking for the path of least pain for everybody.

Feedback appreciated. Regards Tim.

[1] There are workarounds, but none that allow 2 different versions to coexist.