Hi, Im developing a webservice which uses signature and cypher (two-way).
It seems a bit odd that a usernameToken has to be sent to identify the caller since the CN and serialNumber are also in the SOAP message, which are enough to locate the certificate in the keystore. Is this really mandatory? Thanks in advance, António Lourinho --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email
