You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by Christof Soehngen <Ch...@SYRACOM.DE> on 2004/06/15 11:04:14 UTC

Standard for sending the consumers public key for encryption?

Hello everyone,

does anyone know of a standard procedure for a consumer to send his public key that will be used by the producer to encrypt the answer?

If the message is encrypted AND signed, one possiblity would be to use the public key that is included via a direct reference in the signature. But if only encrpytion is performed, there is no such reference.

How do other products (MS, IBM, ...) handle this?

I read an article (http://www.fawcette.com/xmlmag/2002_12/magazine/columns/dwahlin/default_pf.aspx) that suggested using a procedure, but did not describe a syntax for it.

At the moment, I'm think of adding another BinarySecurityToken with a special id that is recognized by the producer. But I want to avoid creating proprietary solutions, so I'm interested in best practices.

Regards,
Christof Soehngen