Hi again,
I just want to extend the question a little bit and apply the following
Rampart configuration example:

          <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
            <ramp:user>service</ramp:user>
            <ramp:encryptionUser>client</ramp:encryptionUser>
            <ramp:passwordCallbackClass>com.mycompany.wsstack.pwcb.PasswordCallbackHandler</ramp:passwordCallbackClass>
            <ramp:signatureCrypto>
              <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">openssl</ramp:property>
              </ramp:crypto>
            </ramp:signatureCrypto>
            <ramp:encryptionCrypto>
              <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">openssl</ramp:property>
              </ramp:crypto>
            </ramp:encryptionCrypto>
          </ramp:RampartConfig>

My question is why, in the case of the Symmetric binding, there is a need for the
following parameter:

<ramp:encryptionUser>client</ramp:encryptionUser>

because AFAIK the symmetric binding facilitates the need to secure the
messages between anonymous clients and the server.

Thanks again and have a nice day!

Regards, Dobri

On Nov 16, 2007 10:27 AM, Dobri Kitipov <[EMAIL PROTECTED]>
wrote:

> Hi everybody,
> there is a nice article called "Secure Message Exchanges with Multiple
> Users" at http://wso2.org/library/255.
> In this article we can read:
>
> "
> <encryptionUser>useReqSigCert</encryptionUser>
>
> This instructs Rampart/WSS4J to use the certificate that was used to sign
> the request. One can specify the encrypted parts to encrypt different parts
> of the message to be encrypted.
> "
>
> My question is: is it possible to use this with the Symmetric binding? I could
> be wrong, but my understanding is that if this is supposed to work it will
> mean that we want the derived key to be based on the client's (initiator's)
> security token (not the recipient's one), defined in either the encryption
> token assertion or the protection token assertion.
> I know this makes much more sense with the Asymmetric binding, but I am
> curious about that.
>
> Thank you.
>
> Best regards, Dobri
>
>
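
A small lint for RampartConfig fragments like the one posted above, added here as an example and not part of the thread or of Rampart itself. The set of child elements it treats as known is an assumption, and the sample is a constructed, shortened copy of the posted configuration (keeping the misspelt encryptionCypto element as posted):

```python
import xml.etree.ElementTree as ET

RAMP_NS = "http://ws.apache.org/rampart/policy"
NS = "{" + RAMP_NS + "}"
MERLIN_PW = "org.apache.ws.security.crypto.merlin.keystore.password"
# Assumed list of RampartConfig children this lint treats as known:
# the ones used in the thread plus the related crypto elements.
KNOWN = {"user", "encryptionUser", "passwordCallbackClass",
         "signatureCrypto", "encryptionCrypto", "decryptionCrypto"}

# Constructed sample: the thread's configuration, shortened, with the
# misspelt <ramp:encryptionCypto> element left exactly as posted.
SAMPLE = f"""<ramp:RampartConfig xmlns:ramp="{RAMP_NS}">
  <ramp:user>service</ramp:user>
  <ramp:encryptionUser>client</ramp:encryptionUser>
  <ramp:passwordCallbackClass>com.mycompany.wsstack.pwcb.PasswordCallbackHandler</ramp:passwordCallbackClass>
  <ramp:signatureCrypto>
    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
      <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
      <ramp:property name="{MERLIN_PW}">openssl</ramp:property>
    </ramp:crypto>
  </ramp:signatureCrypto>
  <ramp:encryptionCypto>
    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
      <ramp:property name="{MERLIN_PW}">openssl</ramp:property>
    </ramp:crypto>
  </ramp:encryptionCypto>
</ramp:RampartConfig>"""


def lint_rampart_config(xml_text):
    """Return a list of (code, detail) findings for a RampartConfig fragment."""
    root = ET.fromstring(xml_text)
    findings = []
    # 1. Child elements outside the known set: usually a typo, so the
    #    crypto settings nested under them deserve a second look.
    for child in root:
        local = child.tag.replace(NS, "")
        if local not in KNOWN:
            findings.append(("unknown-element", local))
    # 2. Without a password callback class there is no way to hand
    #    Rampart the private-key password for the <ramp:user> alias.
    if root.find(NS + "passwordCallbackClass") is None:
        findings.append(("no-password-callback", "passwordCallbackClass"))
    # 3. Keystore passwords written inline travel with every copy of the
    #    config file; report each crypto section that carries one.
    for holder in root:
        for prop in holder.iter(NS + "property"):
            if prop.get("name") == MERLIN_PW and (prop.text or "").strip():
                findings.append(("inline-keystore-password", holder.tag.replace(NS, "")))
    return findings
```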
