Cool, if you are interested I'd be glad to help in some way to build such a demo.

Thanks

On Thu, Apr 17, 2008 at 10:27 PM, Dimuthu Leelarathne <[EMAIL PROTECTED]> wrote:
> Hi Alberto,
>
> It is good that you pointed out that we do not have samples that demonstrate
> the full abilities. We will include a sample to demonstrate how it can
> be scaled in the future. The sample will demonstrate how trust is
> validated traversing up the certificate chain.
>
> Thank you,
> Dimuthu
>
> On Thu, 2008-04-17 at 15:08 -0500, Alberto Patino wrote:
> > I have run rampart demos and it's obvious that a java keystore doesn't
> > scale well. If I want to propagate user identity in service invokes
> > through the use of certificates what happens in an environment with
> > thousands of users?
> >
> > I have always had this question...
> >
> > On Tue, Apr 15, 2008 at 10:01 PM, Dimuthu Leelarathne <[EMAIL PROTECTED]> wrote:
> > > Hi Nate,
> > >
> > > Please see my comments below.
> > >
> > > On Fri, 2008-04-11 at 16:39 -0700, Nate Roe wrote:
> > > > I've secured a service using Rampart, and now I'm considering how to
> > > > implement the certificate issuance portion.
> > > >
> > > > To get the service running, I followed Ruchith Fernando's tutorial:
> > > > http://wso2.org/library/174
> > > >
> > > > Is it necessary to modify the service's keystore to add new client
> > > > certificates? Is it possible to store the service's copy of the client's
> > > > public keys in a database or in separate files in the filesystem?
> > >
> > > The easiest way to do this would be to ask the client to include the
> > > certificate in the request message always. If we want to store a
> > > certificate, we usually store it in the KeyStore, so that Rampart can
> > > easily pick it up from KeyStore.
> > >
> > > > Why does my password callback class need to supply the client's
> > > > certificate password? It's just supposed to be the client's public key,
> > > > right? So, why the password?
> > >
> > > Even though we have a single password callback class in Rampart samples,
> > > in the real world scenario there should be two password callback classes
> > > - one for server and one for client.
> > >
> > > At the server side, the password callback class does not need to supply
> > > the client's password.
> > >
> > > Thank you,
> > > Dimuthu
> > >
> > > > Thanks,
> > > > Nate Roe

--
Don't be evil!!!
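
The chain validation discussed in the thread, sketched with the openssl CLI as an added example (not part of the thread and not Rampart code): the service keeps only the CA certificate and accepts any client certificate that chains up to it, so a new client needs no change to the service's trust store. The CA name, the client names and the throwaway keys are all constructed for the demo.

```shell
#!/bin/sh
# Added example: constructed demo CA and client certificates, throwaway keys.
WORK=$(mktemp -d)

# Create a self-signed demo CA (constructed name "Demo CA").
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# Issue a client certificate signed by the demo CA. $1 = client name.
issue_client() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 1 \
    -out "$WORK/$1.pem" 2>/dev/null
}

# Self-signed certificate that the demo CA never issued. $1 = name.
make_unissued() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# The service side holds only ca.pem. Succeeds (status 0) when the named
# certificate chains up to that CA; checks the "OK" line so the result
# does not depend on the exit-status behaviour of older openssl builds.
trusted() {
  openssl verify -CAfile "$WORK/ca.pem" "$WORK/$1.pem" 2>/dev/null |
    grep -q 'OK$'
}

make_ca && issue_client alice && issue_client bob && make_unissued outsider

# alice and bob were never added to any store, yet both validate;
# the certificate that does not chain to the CA is rejected.
for c in alice bob outsider; do
  if trusted "$c"; then echo "$c: accepted"; else echo "$c: rejected"; fi
done
```

In a Java keystore setup the equivalent is a trust store that contains the CA certificate rather than one entry per client.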
