Hi Harshit,
Some answers are inline.
Thanks
AmilaJ

Harshit Bapna wrote:
> Hi All,
> I am thinking of using RAMPART module for ws security.
>
> Requirement:
> To perform endpoint authentication as well as user authentication.
> Client endpoint authentication :- To allow only a configured client to invoke
> the web service.
> User authentication :- To allow only a specific user/actor to invoke the
> service. The reason for this requirement is that the same endpoint can be used
> by different types of users (Admin, CSR, normal user).
>
> I have gone through the various samples 1-8 supplied with the Rampart 1.5 install.
>
> Question:
> 1. Can I combine userName & WssX509V3Token10 token for user and endpoint auth?
> (UserName token - for user authentication)
> (WssX509V3Token10 - for endpoint PKI credential authentication)

Yes, you can. In order to get WssX509V3Token10 support you can
either use SymmetricBinding or AsymmetricBinding mechanisms. With one of the
above bindings you can use UserName token as a supporting token.

> 2. Also can secure conversation benefits be available when the above two types
> of tokens are used?

As far as I know you should be able to use secure conversation with the
above mentioned tokens. Again you can use symmetric binding or
asymmetric binding and you should use SecureConversationToken. Thus the
user name token should be added as a supporting token.

> If you have any better suggestion to handle this requirement please let me know.

I guess the way you are heading is ok. In case you need more security
you should use SymmetricBinding or AsymmetricBinding. When you use
SymmetricBinding or AsymmetricBinding, keys used to encrypt/sign each
message differ from one another. But if you are more concerned about
performance you can use Secure conversation. In secure conversation
Rampart uses the same key to encrypt/sign messages for a given period of
time.

> Harshit Bapna
> Team Lead
> Arcot Systems