http://ws.apache.org/ws-fx/wss4j/
--- [EMAIL PROTECTED] wrote: > Hi people, > > I am considering two different ways of using Certificate based authentication of a > client > connecting to our Web Service: > > 1. Certificate is contained in the HTTPS request. I intercept the Request in my Web > Service, get > the Certificate out of it, and do the authentication. > > 2. Certificate is contained in the signed SOAP Envelope. My Web Service (a Handler) > gets the > SOAPEnvelope, gets the Certificate out of it, and does the authentication. > > Which one of these options is the better one, what do you people think? > > Best regards, > > Zoltan Schreter > Nokia/Finland > > ===== Davanum Srinivas - http://webservices.apache.org/~dims/