List: wss4j-dev
Subject: RE: Newbie 'best practise' question
From: "Granqvist, Hans" <hgranqvist () verisign ! com>
Date: 2005-10-31 16:32:07
Message-ID: E9616AD132F1464BB96EBBFC4F1F3355957CDD () MOU1WNEXMB02 ! vcorp ! ad ! vrsn ! com
Hi Tim,

X.509 certificates seem like a good solution for this problem. You can
either set up your own issuer (CA) or use a commercial one (ehrm :)

The CA issues certs to the set of allowed clients, who would then use
these to authenticate and encrypt.
You would simply check on the server that the client connects with a
cert issued by the CA.

Hans
________________________________
From: Tim Williams [mailto:theshady@gmail.com]
Sent: Monday, October 31, 2005 5:54 AM
To: wss4j-dev@ws.apache.org
Subject: Newbie 'best practise' question
Hi all,

I've got 2 way encryption working using wss4j, and very nicely
it runs too. At the moment I'm designing another web service that I
would like to provide some security on. Basically we want to be able to
say that only people we want can use the service (authentication) and
that nobody can listen in on confidential data (encryption).

The question is, how do I best maintain a list of clients that
are allowed to connect to the service, and how do we go about checking a
connecting client against that list?

Any links people have on this matter would also be appreciated.
I've looked over the OASIS WS-Security authentication specification,
but, to be honest, most of that went over my head.

Thanks in advance,
Tim
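
The approach described in the reply above (a private CA issues certs to allowed clients, and the server accepts only certs that chain to that CA), as an added example that is not part of the original thread or of WSS4J. It uses the openssl command line; the CA subject, the client names and the temporary file layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: private CA + issuer check. All names below are constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {          # self-signed CA certificate and key
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=Example Service CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

issue_client() {     # $1 = client name; the CA signs the client's CSR
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -sha256 -days 90 \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/$1.pem" 2>/dev/null
}

make_selfsigned() {  # $1 = name; a certificate NOT issued by the CA
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 90 \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

is_allowed() {       # $1 = certificate file presented by a client
  # Trust only our CA file; -no-CApath keeps the system CA directory
  # out of the decision (option available in OpenSSL 1.1.0 and later).
  openssl verify -no-CApath -CAfile "$WORK/ca.pem" "$1" >/dev/null 2>&1
}

make_ca
issue_client client-a
make_selfsigned rogue
for c in client-a rogue; do
  if is_allowed "$WORK/$c.pem"; then
    echo "$c: allowed"
  else
    echo "$c: rejected"
  fi
done
```

An issuer-only check accepts every certificate the CA has ever issued until it expires, so removing a single client later needs revocation (a CRL) or an additional allow-list of subjects on the server.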