You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Jason Essington <ja...@GreenRiverComputing.com> on 2002/11/12 01:35:30 UTC
Authentication using signatures in soap messages?
Hi there, I have been looking at the security sample in apache axis,
and I am curious how I would go about authenticating the sender of a
given signature?
The sample allows me to check that the signed xml is valid, but how do
I figure out if the sender (owner of the signature) is someone I want
to talk to?
-jason
Re: Authentication using signatures in soap messages?
Posted by Jason Essington <ja...@GreenRiverComputing.com>.
I suppose I maybe asked the wrong question.
How do I figure out who the signature is actually from?
-jason
On Monday, November 11, 2002, at 05:46 PM, David Wall wrote:
>> The sample allows me to check that the signed xml is valid, but how do
>> I figure out if the sender (owner of the signature) is someone I want
>> to talk to?
>
> Isn't that up to your business processes? The same rules apply like
> how you
> determine if a signed piece of paper is something you care about too...
>
> David
Re: Authentication using signatures in soap messages?
Posted by David Wall <Da...@Yozons.com>.
> The sample allows me to check that the signed xml is valid, but how do
> I figure out if the sender (owner of the signature) is someone I want
> to talk to?
Isn't that up to your business processes? The same rules apply like how you
determine if a signed piece of paper is something you care about too...
David