[
https://issues.apache.org/jira/browse/CXF-5482?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrei Shakirin resolved CXF-5482.
----------------------------------
Resolution: Fixed
Fix Version/s: 3.0.0-milestone2
> XKMS: provide direct trust validator
> ------------------------------------
>
> Key: CXF-5482
> URL: https://issues.apache.org/jira/browse/CXF-5482
> Project: CXF
> Issue Type: Improvement
> Reporter: Andrei Shakirin
> Assignee: Andrei Shakirin
> Fix For: 3.0.0-milestone2
>
>
> Currently XKMS validate() operation checks only validity period, trusted
> chain and CRLs of X509 certificate. Basically it is not necessary that
> certificate exists in the XKMS repository.
> However, in some cases it is required that certificate itself is "known" by
> XKMS (direct trust).
> For such cases XKMS validation request should additionally contain element
> <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>. This element
> triggers direct trust validation.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
