You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by Jason Essington <ja...@GreenRiverComputing.com> on 2002/11/12 01:35:30 UTC

Authentication using signatures in soap messages?

Hi there, I have been looking at the security sample in apache axis, 
and I am curious how I would go about authenticating the sender of a 
given signature?

The sample allows me to check that the signed xml is valid, but how do 
I figure out if the sender (owner of the signature) is someone I want 
to talk to?

-jason

Re: Authentication using signatures in soap messages?

Posted by Jason Essington <ja...@GreenRiverComputing.com>.

I suppose I maybe asked the wrong question.

How do I figure out who the signature is actually from?

-jason

On Monday, November 11, 2002, at 05:46  PM, David Wall wrote:

>> The sample allows me to check that the signed xml is valid, but how do
>> I figure out if the sender (owner of the signature) is someone I want
>> to talk to?
>
> Isn't that up to your business processes?  The same rules apply like 
> how you
> determine if a signed piece of paper is something you care about too...
>
> David

Re: Authentication using signatures in soap messages?

Posted by David Wall <Da...@Yozons.com>.

> The sample allows me to check that the signed xml is valid, but how do
> I figure out if the sender (owner of the signature) is someone I want
> to talk to?

Isn't that up to your business processes?  The same rules apply like how you
determine if a signed piece of paper is something you care about too...

David