Posted to rampart-dev@ws.apache.org by Dimuthu Leelarathne <di...@wso2.com> on 2007/12/21 06:23:04 UTC
Re: Proposal to extend the Rampart configuration to include
encoded Binary X509Certicate used for encryption
Hi,
On Fri, 2007-12-21 at 07:28 +0530, Nandana Mihindukulasooriya wrote:
> Hi Devs,
>
> Currently the only way that a user can provide an X509 certificate is through a
> Java key store. Sometimes a client may
> only want to interact with one particular service, but even then it has
> to create a key store, import the
> certificate into it and specify it in the Rampart configuration. This may take
> some effort, especially if the service
> is a .NET service. But if we can extend the Rampart configuration to specify
> the certificate used for encryption as
> a binary-encoded certificate, then we can remove all the hassle of creating
> key stores.
> For example, WCF has an extension by which they provide the certificate
> of the service in the WSDL.
>
> <wsdl:definitions>
>   <wsdl:service>
>     <wsdl:port>
>       <wsa:EndpointReference>
>         <Identity>
>           <KeyInfo>
>             <X509Data>
>               <X509Certificate>
>                 ......
>               </X509Certificate>
>             </X509Data>
>           </KeyInfo>
>         </Identity>
>       </wsa:EndpointReference>
>     </wsdl:port>
>   </wsdl:service>
> </wsdl:definitions>
>
> In this case, a Rampart user who interacts with this service only has to
> extract the binary certificate from the WSDL and
> specify it in the Rampart configuration. And almost every certificate tool
> will allow exporting certificates in binary-encoded
> format. So this will increase the ease of interacting with non-Java web
> services.
>
> Thoughts?
+1
Regards,
Dimuthu
> Nandana
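
The extraction step the proposal describes, as an added example that is not part of the original thread and not Rampart code: it pulls the base64 certificate out of the endpoint `Identity` element and releases it as PEM only when its SHA-256 fingerprint matches one obtained out of band, since a certificate read from a WSDL is only as trustworthy as the channel that delivered the WSDL. The function names, the placeholder namespaces and the stand-in certificate bytes are assumptions made for the example.

```python
import base64
import binascii
import hashlib
import ssl
import xml.etree.ElementTree as ET

# Constructed sample: placeholder namespace URIs and stand-in bytes,
# not a real certificate. Elements are matched by local name only.
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"
B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_WSDL = f"""<wsdl:definitions xmlns:wsdl="urn:example:wsdl" xmlns:wsa="urn:example:wsa">
 <wsdl:service><wsdl:port>
  <wsa:EndpointReference><Identity><KeyInfo><X509Data>
   <X509Certificate>
    {B64[:20]}
    {B64[20:]}
   </X509Certificate>
  </X509Data></KeyInfo></Identity></wsa:EndpointReference>
 </wsdl:port></wsdl:service>
</wsdl:definitions>"""

def local_name(tag):
    return tag.rsplit("}", 1)[-1]  # drop ElementTree's '{namespace}' prefix

def extract_identity_cert(wsdl_text):
    """Return the DER bytes of the single certificate under an endpoint Identity."""
    root = ET.fromstring(wsdl_text)
    found = [c for epr in root.iter() if local_name(epr.tag) == "EndpointReference"
             for ident in epr.iter() if local_name(ident.tag) == "Identity"
             for c in ident.iter() if local_name(c.tag) == "X509Certificate"]
    if len(found) != 1:
        raise ValueError(f"expected exactly one identity certificate, found {len(found)}")
    # Base64 inside XML is usually line-wrapped and indented; strip whitespace first.
    compact = "".join((found[0].text or "").split())
    try:
        der = base64.b64decode(compact, validate=True)
    except binascii.Error as exc:
        raise ValueError("X509Certificate content is not valid base64") from exc
    if not der:
        raise ValueError("X509Certificate element is empty")
    return der

def cert_if_pinned(wsdl_text, expected_sha256):
    """Return PEM text only if the certificate matches the pinned fingerprint."""
    der = extract_identity_cert(wsdl_text)
    if hashlib.sha256(der).hexdigest() != expected_sha256.lower().replace(":", ""):
        raise ValueError("certificate in WSDL does not match the pinned fingerprint")
    return ssl.DER_cert_to_PEM_cert(der)
```
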