Hi Alberto,

It is good that you pointed out that we do not have samples that demonstrate
the full abilities. We will include a sample to demonstrate how it can
be scaled in the future. The sample will demonstrate how trust is
validated traversing up the certificate chain.

Thank you,
Dimuthu

On Thu, 2008-04-17 at 15:08 -0500, Alberto Patino wrote:
> I have run Rampart demos and it's obvious that a Java keystore doesn't
> scale well. If I want to propagate user identity in service invokes
> through the use of certificates, what happens in an environment with
> thousands of users?
> 
> I have always had this question...
> 
> On Tue, Apr 15, 2008 at 10:01 PM, Dimuthu Leelarathne <[EMAIL PROTECTED]> wrote:
> > Hi Nate,
> >
> >  Please see my comments below.
> >
> >
> >  On Fri, 2008-04-11 at 16:39 -0700, Nate Roe wrote:
> >  > I've secured a service using Rampart, and now I'm considering how to implement the certificate issuance portion.
> >  >
> >  > To get the service running, I followed Ruchith Fernando's tutorial:
> >  > http://wso2.org/library/174
> >  >
> >  > Is it necessary to modify the service's keystore to add new client certificates?  Is it possible to store the service's copy of the client's public keys in a database or in separate files in the filesystem?
> >  The easiest way to do this would be to ask the client to include the
> >  certificate in the request message always. If we want to store a
> >  certificate, we usually store it in the KeyStore, so that Rampart can
> >  easily pick it up from KeyStore.
> >
> >
> >
> >  > Why does my password callback class need to supply the client's certificate password?  It's just supposed to be the client's public key, right?  So, why the password?
> >
> >  Even though we have a single password callback class in the Rampart samples,
> >  in a real-world scenario there should be two password callback classes
> >  - one for the server and one for the client.
> >
> >  At the server side, the password callback class does not need to supply
> >  the client's password.
> >
> >  Thank you,
> >  Dimuthu
> >
> >  > Thanks,
> >  > Nate Roe
> >
> >
> 
> 
> 
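
The approach discussed in this thread (the client includes its certificate in the request, and trust is validated by traversing up the certificate chain) means the service's keystore only has to hold CA certificates, not one entry per user. The following is an added example using the JDK's standard PKIX API; it is not code from Rampart or from the posters, and the class name, the command-line file arguments and the disabled revocation check are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.List;

public class ChainTrustCheck {

    /** Validates a leaf-first chain taken from a request against CA anchors only. */
    static X509Certificate validate(List<X509Certificate> chain, KeyStore caStore) throws Exception {
        List<X509Certificate> path = new ArrayList<>();
        for (X509Certificate c : chain) {
            // A CertPath must not contain the trust anchor itself, so drop any cert we already hold.
            if (caStore.getCertificateAlias(c) == null) path.add(c);
        }
        if (path.isEmpty()) throw new CertPathValidatorException("no end-entity certificate to validate");
        CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);
        PKIXParameters params = new PKIXParameters(caStore); // every trusted entry becomes an anchor
        // Assumption: revocation checking is off so this runs offline; a deployment would enable CRL/OCSP.
        params.setRevocationEnabled(false);
        PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult)
                CertPathValidator.getInstance("PKIX").validate(certPath, params);
        return result.getTrustAnchor().getTrustedCert(); // the CA that vouched for the client
    }

    // Usage (hypothetical file names): java ChainTrustCheck ca-truststore.jks storePassword client-chain.pem
    public static void main(String[] args) throws Exception {
        KeyStore caStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            caStore.load(in, args[1].toCharArray());
        }
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[2])) {
            // The PEM file holds the client certificate first, then any intermediates.
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        }
        try {
            X509Certificate anchor = validate(chain, caStore);
            System.out.println("accepted " + chain.get(0).getSubjectX500Principal()
                    + " via anchor " + anchor.getSubjectX500Principal());
        } catch (CertPathValidatorException e) {
            // Unknown issuer, bad signature, expired certificate, etc.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Adding a user then means issuing a certificate from a trusted CA; the truststore on the service side does not change.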
