1. The service does not need the client's credentials. During authentication, the client uses its credential and the client's identity is established, but there is no need for the server to get the client's credential. In cases where the client delegates to the server, a new credential signed by the client credential is generated as part of the delegation process, but the server never reads the client's credential.

2. If you use GSI Secure Transport (https), authentication happens on the wire and always occurs before any handler is invoked. In other cases, if you place the handler as the first one in the <requestFlow>, the handler will be run first. The order in which the handler is specified in the <requestFlow> element is the order in which it is executed.

Rachana
_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of hawking.zn
Sent: Sunday, July 06, 2008 10:46 AM
To: gt-user
Subject: [gt-user] security configuration problem

Hi:

Sorry to disturb you again.

In a service's server-config.wsdd, we use a security descriptor to specify the security config. In security-config.xml, the scripts will look like:

    <method name="destroy">
        <auth-method>
            <GSISecureConversation/>
        </auth-method>
    </method>

Under this, we should use a certificate to authenticate.

Question 1. How does the service know where the client's certificate is located? When I ran the example of Math4op, I didn't point to it.

Question 2. If I put a handler in the <requestFlow> of the server-config.wsdd, what's the sequence? Which is going to run first: the authentication or the handler?

Thanks very much.

_____

hawking.zn
2008-07-06
