Hi Alberto,
Great, this will be helpful. Can you change the policy samples as
Dimuthu has mentioned and attach the patch to a JIRA.
thanks,
nandana
On Sat, Apr 19, 2008 at 10:45 AM, Alberto Patino <[EMAIL PROTECTED]>
wrote:
> Cool, if you are interested I'd be glad to help in some way to build such
> demo
>
> Thanks
>
> On Thu, Apr 17, 2008 at 10:27 PM, Dimuthu Leelarathne <[EMAIL PROTECTED]>
> wrote:
> > Hi Alberto,
> >
> > It is good that you pointed out that we do not have samples domonstrate
> > the full abilities. We will include a sample to demonstrate how it can
> > be scaled in the future. The sample will demonstrate how trust is
> > validated traversing up the certificate chain.
> >
> > Thank you,
> > Dimuthu
> >
> >
> >
> > On Thu, 2008-04-17 at 15:08 -0500, Alberto Patino wrote:
> > > I have run rampart demos and it's obvoius that a java keystore
> doesn't
> > > scale well. If I want to propagate user identity in service invokes
> > > throug the use of certificates what happen in an environment with
> > > thousands of users?
> > >
> > > I have always had this question...
> > >
> > > On Tue, Apr 15, 2008 at 10:01 PM, Dimuthu Leelarathne <
> [EMAIL PROTECTED]> wrote:
> > > > Hi Nate,
> > > >
> > > > Please see my comments below.
> > > >
> > > >
> > > > On Fri, 2008-04-11 at 16:39 -0700, Nate Roe wrote:
> > > > > I've secured a service using Rampart, and now I'm considering
> how to implement the certificate issuance portion.
> > > > >
> > > > > To get the service running, I followed Ruchith Fernando's
> tutorial:
> > > > > http://wso2.org/library/174
> > > > >
> > > > > Is it necessary to modify the service's keystore to add new
> client certificates? Is it possible to store the service's copy of the
> client's public keys in a database or in separate files in the filesystem?
> > > > The easiest way to do this would be to ask the client to include
> the
> > > > certificate in the request message always. If we want to store a
> > > > certificate, we usually store it in the KeyStore, so that Rampart
> can
> > > > easily pick it up from KeyStore.
> > > >
> > > >
> > > >
> > > > > Why does my password callback class need to supply the client's
> certificate password? It's just supposed to be the client's public key,
> right? So, why the password?
> > > >
> > > > Even though we have a single password callback class in Rampart
> samples
> > > > in the real world scenario there should be two password callback
> classes
> > > > - one for server and one for client.
> > > >
> > > > At the server side password callback class do not need to supply
> > > > client's password.
> > > >
> > > > Thank you,
> > > > Dimuthu
> > > >
> > > > > Thanks,
> > > > > Nate Roe
> > > >
> > > >
> > >
> > >
> > >
> >
> >
>
>
>
> --
> Don't be evil!!!
>
