Hi Please excuse my ignorance. I am trying to understand why would you use ws-security with certificates when you can do the client certificates authentication at the apache /web server level?
So assuming that the web services are published from a web server (stand-alone tomcat or Apache proxying to tomcat) and you can use the web server itself to verify the clients, why use WS-security? what is the advantage? Thanks -rajeev. -- View this message in context: http://www.nabble.com/why-would-you-use-ws-security-with-certificates--tp20268372p20268372.html Sent from the cxf-user mailing list archive at Nabble.com.
