If the clients are using public key and not unique private keys, how
will you identify which client is making the request once it is
received by your web service. Perhaps, you are not using these certs
for authentication/authorization purpose.
Regards
On 3/20/07, Vibhor_Sharma <[EMAIL PROTECTED]> wrote:
Hi
We would be exposing our web services and utilize the methodology
described in the article
http://wso2.org/library/255
We want to distribute our certifcates having the public key to the clients
who will be consuming our web services.
Just wanted to confirm the approach
a) We distribute our publc key in the certificate to the clients.
b) We maintain our private key certificate in our key store protected by a
password.
c) The client stores our public key certificate in his key store protected
by a passoword.
d) Can we use Bouncy castle as the JCE provider fro the production system.
Thanks
Vibhor
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
