Brian,

There may be use cases where one user encrypts some data, and another user
signs the whole stuff. These use cases are found mostly in notarial acts or similar.


Of course there may be different ways to get the passwords for both users,
therefore different usage identifiers.

UNKNOWN is more an exceptional case.

Regards,
Werner

Brian Nielsen wrote:

In the org.apache.ws.security.WSPasswordCallback class [1] I've got two
questions:

1) why are there two different usages for DECRYPT and SIGNATURE? In all the
usage I've had they both do the same, that is get the password for a given
alias in a keystore so that WSS4J can access the private key. I have not
seen a scenario where I would want to sign with one key and decrypt with
another, and where they had to have the same alias (I could just change that
if it was important). So with my 5 cents I would say that the callback
should know nothing about it, it should do general things like:

* give me the password for this username (avoiding the discussion about
password text/digest)
* give me the password for this alias in a keystore
* give me a key for this identifier

Am I missing a point here?


2) How does the UNKNOWN ever come into play, is it not more like an exceptional state?



Brgds Brian


[1] http://cvs.apache.org/viewcvs.cgi/ws-fx/wss4j/src/org/apache/ws/security/WSPasswordCallback.java?view=markup
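
The distinction discussed in this thread, as an added example that is not part of either message or of the WSS4J sources: a callback handler that takes the DECRYPT and SIGNATURE passwords from separate stores and rejects UNKNOWN and any other usage. It assumes the WSS4J 1.x API (`org.apache.ws.security.WSPasswordCallback`, whose accessor is spelled `getIdentifer()`); the class name and the two maps are hypothetical.

```java
import java.io.IOException;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

// Added example: routes each password request by its usage identifier.
public class UsageAwarePasswordHandler implements CallbackHandler {
    // Hypothetical stores, keyed by keystore alias. Keeping them separate
    // means the signer's secret is never handed out for a decryption request.
    private final Map<String, String> decryptionPasswords;
    private final Map<String, String> signaturePasswords;

    public UsageAwarePasswordHandler(Map<String, String> decryptionPasswords,
                                     Map<String, String> signaturePasswords) {
        this.decryptionPasswords = decryptionPasswords;
        this.signaturePasswords = signaturePasswords;
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "unexpected callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            Map<String, String> store;
            switch (pc.getUsage()) {
                case WSPasswordCallback.DECRYPT:
                    store = decryptionPasswords;
                    break;
                case WSPasswordCallback.SIGNATURE:
                    store = signaturePasswords;
                    break;
                default:
                    // UNKNOWN and every usage this handler does not serve: fail closed.
                    throw new UnsupportedCallbackException(
                            cb, "unsupported usage " + pc.getUsage());
            }
            String password = store.get(pc.getIdentifer()); // WSS4J 1.x spelling
            if (password == null) {
                throw new IOException("no password registered for this alias and usage");
            }
            pc.setPassword(password);
        }
    }
}
```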







