Hi Erwin,
Yes, what we do is we use the cert that was used to sign the
request to encrypt the response back to the client. This[1] tutorial has
more information.
thanks,
nandana
[1] - http://wso2.org/library/255
On Thu, Jan 15, 2009 at 9:47 PM, Erwin Reinhoud <[email protected]>wrote:
> Hello All,
>
> I am wondering how i could implement a service that is used by multiple
> clients and WS-Security signing andf encryption is applied. Somehow you'll
> have to gather from the request which client you are dealing with and
> encrypt the response. One way of doing this is i guess, is using the same
> cert for encryption as was used for signing the request which was included
> in the message. Any examples, best practices? Is it implied that an
> encrypted exchange can only be done per service-client pair?
>
> Thanks in advance.
>
> Kind regards,
> Erwin
>
--
Nandana Mihindukulasooriya
WSO2 inc.
http://nandana83.blogspot.com/
http://www.wso2.org
