Yes I'm not using this for authentication and authorization purpose. This is just for encryption and digitally signing the requests.
Vibhor -----Original Message----- From: Vishal Mehra [mailto:[EMAIL PROTECTED] Sent: Thursday, March 22, 2007 12:59 AM To: [email protected] Subject: Re: x509 certificate usage in rampart If the clients are using public key and not unique private keys, how will you identify which client is making the request once it is received by your web service. Perhaps, you are not using these certs for authentication/authorization purpose. Regards On 3/20/07, Vibhor_Sharma <[EMAIL PROTECTED]> wrote: > > > Hi > We would be exposing our web services and utilize the methodology > described in the article > > http://wso2.org/library/255 > > > We want to distribute our certifcates having the public key to the clients > who will be consuming our web services. > Just wanted to confirm the approach > > a) We distribute our publc key in the certificate to the clients. > b) We maintain our private key certificate in our key store protected by a > password. > c) The client stores our public key certificate in his key store protected > by a passoword. > d) Can we use Bouncy castle as the JCE provider fro the production system. > > Thanks > Vibhor --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
