I have run the Rampart demos and it's obvious that a Java keystore doesn't
scale well. If I want to propagate user identity in service invokes
through the use of certificates, what happens in an environment with
thousands of users?

I have always had this question...

On Tue, Apr 15, 2008 at 10:01 PM, Dimuthu Leelarathne <[EMAIL PROTECTED]> wrote:
> Hi Nate,
>
>  Please see my comments below.
>
>
>  On Fri, 2008-04-11 at 16:39 -0700, Nate Roe wrote:
>  > I've secured a service using Rampart, and now I'm considering how to
>  > implement the certificate issuance portion.
>  >
>  > To get the service running, I followed Ruchith Fernando's tutorial:
>  > http://wso2.org/library/174
>  >
>  > Is it necessary to modify the service's keystore to add new client
>  > certificates?  Is it possible to store the service's copy of the client's
>  > public keys in a database or in separate files in the filesystem?
>
>  The easiest way to do this would be to ask the client to include the
>  certificate in the request message always. If we want to store a
>  certificate, we usually store it in the KeyStore, so that Rampart can
>  easily pick it up from KeyStore.
>
>
>
>  > Why does my password callback class need to supply the client's
>  > certificate password?  It's just supposed to be the client's public key,
>  > right?  So, why the password?
>
>  Even though we have a single password callback class in the Rampart samples,
>  in a real-world scenario there should be two password callback classes
>  - one for the server and one for the client.
>
>  On the server side, the password callback class does not need to supply
>  the client's password.
>
>  Thank you,
>  Dimuthu
>
>  > Thanks,
>  > Nate Roe
>
>



-- 
Don't be evil!!!
