Hi Abhijit,

So I got the signing and encryption working bi-directionally with the use of my own Certificate Authority (FYI a link on how to do this: http://www.devx.com/Java/Article/10185/1763/page/1). Using the method suggested, I no longer need to store any certificates of the clients, since I can now check the embedded certificates to make sure they were signed by my CA. And at the end of the day I now have a method of securely authorizing a web service client to access the web service.

My one remaining question is, say I now wish to revoke access to the web service. Other than waiting for the web service client's signed key-pair to expire, how can I terminate this client's access to the service? Would it be possible to check with the CA to see if the user's signed certificate was revoked?

Richard Wareing
Reimer Technology Group

> -----Original Message-----
> From: Abhijit Sharma [mailto:[EMAIL PROTECTED]
> Sent: 2005 September 29 11:53 PM
> To: 'Richard Wareing'; 'Apache WSS4J-Dev Mailing List'
> Subject: RE: Server Side - Sender Encryption Question
>
> If the Request came in signed then the public key or certificate (included in the WSSecurity Header) used to sign the request can be used to encrypt the response also.
>
> Regards,
> Abhijit
>
> -----Original Message-----
> From: Richard Wareing [mailto:[EMAIL PROTECTED]
> Sent: Thu, September 29, 2005 11:41 AM
> To: Apache WSS4J-Dev Mailing List
> Subject: Server Side - Sender Encryption Question
>
> Is there a method of having the client request a particular encryption key be used to encrypt the response data?
>
> What I'm trying to do here is have each web service user submit to us their public encryption key and use that to encrypt the data back to them (in conjunction with signing). In other words, depending on the particular user that might be using the web service, we would use a specific public key to encrypt data back to them.
>
> Is there a way to accomplish this?
>
> Richard Wareing
> Reimer Technology Group
