Hi Tom:

Since GSI is running with X.509 certificates to authenticate, after this is done, the request reaches the service. My mechanism uses another kind of credential to check for other usage. But the sequence is going to be:

1. X.509 public key certificate authentication for verifying identities.
2. Check and verify my credentials.
3. The service deals with the request.

And it's better if I can still use the secure conversation (by Transport Level Security or Message Level Security) and delegation.

I have run the examples that GT4 provides. I know GSI can be implemented by a Security Descriptor in the form of XML config or embedded in the code. And I think my mechanism can be implemented with handlers of the web service. Then I don't know how I can keep the sequence above if I still want to use GSI to ensure secure conversation. Since actually I can write code to implement steps 1 and 2.

Oh, and there is another question. If I use GSI, must I use the proxy certificate? Can I just check the user's certificate? I read there is an API for it, but I am confused about how to pick it out and change it.

I don't know whether I have made my questions understandable. If still not, I hope you email back.

The credential of my mechanism is supplied by the client, coming with the request. Only when my credential is checked to be right can the mechanism pass the request to the service.

Thanks very much.

Nancy

From: Tom Scavo
Sent: 2008-06-29 22:03:02
To: hawking.zn
Cc: gt-user
Subject: Re: [gt-user] Question about GT Security

Sorry, I'm not following you. How is your security mechanism different than GSI as implemented in GT4? What have you done to set up security in the GT4 container?

Tom

On Sun, Jun 29, 2008 at 8:29 AM, hawking.zn <[EMAIL PROTECTED]> wrote:
>
> I am setting up a new security mechanism on GT4. The flow is going to be:
> 1. I have my CA. The client sends its request to the service with its Public
> Key Certificate. The client and the service authenticate each other.
> 2. The flow goes to execute my security mechanism. Only if the request passed
> this, the flow goes to
> 3. The request reaches the service and waits for the result returned by the
> service.
>
> But in step 3, I want to make a secure communication between the client and
> the service. Because I insert step 2, I don't know how to implement the
> SSL or message-level security provided by GSI.
> And with my workflow, can I use the proxy certificate to implement
> delegation/SSO?
>
> Is there a corresponding API for the questions above?
>
> Thanks very much.
>
> Nancy.
