Hi,
We are looking to receive signed SOAP message from our client.
We like to conform to WS-Security as much as possible while using Apache XML
Security implementation.
A question is:
Since we have only one client sending us the message, we would like to
eliminate the overhead of keeping X509 certificate in the SOAP message.
1) Is it possible to store client's public key on our site and just
use it to validate the signature without having to read extract it from SOAP
head?
2) Is this recommended practice?
Thanks much
Lee
_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec
