Hi Naresh,

You may find the following sketchy description helpful:

Authentication is about proving to someone that you are who you claim to be. In the PKI world, this would mean possession of the private key corresponding to an X509 certificate having the public key issued by a well-known CA. Usually there is a protocol (like SSL) to carry out the steps for a proper authentication. Of course, there are many, many other ways of authentication.

A digitally signed document also ensures that the signer possesses the private key corresponding to the certificate extractable from the digital signature and also that the document has not been tampered with. But just presenting a digitally signed document is no guarantee that the presenter is also the signer. Of course, one could design a protocol utilizing digital signature for authentication.

If you are looking at securing servlets, you may find the following article useful:
http://www.devx.com/premier/mgznarch/Javapro/2001/bgfall01/sh01bg/sh0113-1.asp

Regards,
Pankaj Kumar (http://www.pankaj-k.net)

-----Original Message-----
From: Naresh Bhatia [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 09, 2002 9:32 AM
To: '[EMAIL PROTECTED]'
Subject: Authentication and digital signatures

Could the group clarify the relationship between Authentication and Digital Signatures? Somewhere in the posts I read that Digital Signatures can sign a message but that is not the same as authentication.

1) Why is this distinction made?
2) What I am trying to do is some basic user authentication, perhaps using the Servlet 2.2 security/roles. I understand that Axis supports this. Is there an example of this?
3) How can I get the username and password in the code that implements my web service? I need that to log in to another service.

Thanks
Naresh
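
The distinction drawn in the reply above, as an added example that is not part of the original thread: a signed document verifies for anyone who presents a copy, while a signature over a fresh challenge shows that the presenter holds the private key now. The class name, the sample document text and the constructed RSA key pair (standing in for a CA-issued certificate) are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

// Added illustration: signature verification vs. challenge-response authentication.
public class SignatureVsAuthentication {

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed key pair standing in for the signer's certificate and private key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair signer = gen.generateKeyPair();

        // 1. A signed document: proves who signed it and that it is unmodified.
        byte[] document = "Transfer approved".getBytes(StandardCharsets.UTF_8);
        byte[] documentSig = sign(signer.getPrivate(), document);
        // Anyone holding a copy can present it; verification still succeeds.
        System.out.println("document signature valid: "
                + verify(signer.getPublic(), document, documentSig));

        // 2. Authentication: the verifier issues a fresh random challenge.
        byte[] challenge = new byte[32];
        new SecureRandom().nextBytes(challenge);

        // The key holder signs the challenge, proving possession right now.
        byte[] response = sign(signer.getPrivate(), challenge);
        System.out.println("key holder authenticated: "
                + verify(signer.getPublic(), challenge, response));

        // A presenter with only the old signed document has nothing valid for this challenge.
        System.out.println("replayed signature accepted: "
                + verify(signer.getPublic(), challenge, documentSig));
    }
}
```

The first two checks print true and the last prints false. A full protocol such as SSL client authentication also binds the signed data to the session; this sketch covers only the freshness point.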
