> On Thursday 25 January 2001 02:08, Wim De Clercq wrote:
> > Would you use SSL with client authentication or would you use SSL
> > only for confidentiality (and server authentication)? I assume you
> > would not use SSL for authentication.
> I don't know.
> Do you recommend not to use SSL with client authentication?
> Why?
Initially I thought it would enforce the use of a persistent key store at
client side, but it is of course possible to generate the key pair on the
fly as described by Luke.
> ...
> Do you think that it makes sense to implement all components of this
> scheme in JBoss?
I believe it's easier to implement than using client SSL authentication.
> If I understand correctly, for that we need to implement the Security
> Service and a pair of LoginModules (client and server).
> Also we need a volunteer ;-)
:-) I would like to participate, but I will first start with looking at the
source code.
> Probably we should define Security Service API and make it pluggable.
I think that is definitely a good idea. Do you understand how (if) JSR 76
(RMI Security) fits in the picture? Apparently it has not been approved.
Probably Rickard can tell.
Regards,
Wim
