I guess in CA speak, I'm asking whether or not incoming embedded client certificates can be checked against a CRL, or Certificate Revocation List, which would be updated periodically from a CA.

Richard...

> -----Original Message-----
> From: Richard Wareing [mailto:[EMAIL PROTECTED]
> Sent: 2005 September 30 4:42 PM
> To: 'Abhijit Sharma'; 'Apache WSS4J-Dev Mailing List'
> Subject: RE: Server Side - Sender Encryption Question
>
> Hi Abhijit,
>
> So I got the signing and encryption working bi-directionally with the
> use of my own Certificate Authority (FYI a link on how to do this:
> http://www.devx.com/Java/Article/10185/1763/page/1). Using the method
> suggested, I no longer need to store any certificates of the clients,
> since I can now check the embedded certificates to make sure they were
> signed by my CA. And at the end of the day I now have a method of
> securely authorizing a web service client to access the web service.
>
> My one remaining question is, say I now wish to revoke access to the
> web service. Other than waiting for the web service client's signed
> key-pair to expire, how can I terminate this client's access to the
> service? Would it be possible to check with the CA to see if the user's
> signed certificate was revoked?
>
> Richard Wareing
> Reimer Technology Group
>
> > -----Original Message-----
> > From: Abhijit Sharma [mailto:[EMAIL PROTECTED]
> > Sent: 2005 September 29 11:53 PM
> > To: 'Richard Wareing'; 'Apache WSS4J-Dev Mailing List'
> > Subject: RE: Server Side - Sender Encryption Question
> >
> > If the Request came in signed then the public key or certificate
> > (included in the WSSecurity Header) used to sign the request can be
> > used to encrypt the response also.
> >
> > Regards,
> > Abhijit
> >
> > -----Original Message-----
> > From: Richard Wareing [mailto:[EMAIL PROTECTED]
> > Sent: Thu, September 29, 2005 11:41 AM
> > To: Apache WSS4J-Dev Mailing List
> > Subject: Server Side - Sender Encryption Question
> >
> > Is there a method of having the client request a particular encryption
> > key be used to encrypt the response data?
> >
> > What I'm trying to do here is have each web service user submit to us
> > their public encryption key and use that to encrypt the data back to
> > them (in conjunction with signing). In other words, depending on the
> > particular user that might be using the web service, we would use a
> > specific public key to encrypt data back to them.
> >
> > Is there a way to accomplish this?
> >
> > Richard Wareing
> > Reimer Technology Group
> >
> > ---
> > [This E-mail scanned for viruses by Declude Virus]
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
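
The revocation check asked about in this thread, as an added example that is not part of the original messages and is not WSS4J code: it uses only the JDK's `java.security.cert` PKIX API to confirm that a client certificate chains to the private CA and is not listed in that CA's CRL. The class name `CrlCheck` and the three file paths passed on the command line are assumptions; how the embedded certificate is extracted from the WS-Security header is not shown.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.Collections;
import java.util.Date;

public class CrlCheck {

    // Throws if the certificate is not signed by the CA, is outside its
    // validity period, or is listed in the CRL; returns normally otherwise.
    static void validate(X509Certificate client, X509Certificate ca, X509CRL crl)
            throws Exception {
        // Only trust a CRL that the CA itself signed.
        crl.verify(ca.getPublicKey());
        // A CRL past its nextUpdate may be missing recent revocations: fail closed.
        Date next = crl.getNextUpdate();
        if (next != null && next.before(new Date())) {
            throw new CertificateException("CRL is stale, nextUpdate was " + next);
        }

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        CertPath path = cf.generateCertPath(Collections.singletonList(client));

        // The private CA is the only trust anchor; revocation checking is on
        // and the validator looks up CRLs in the in-memory store built here.
        PKIXParameters params = new PKIXParameters(
                Collections.singleton(new TrustAnchor(ca, null)));
        params.setRevocationEnabled(true);
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Collections.singletonList(crl))));

        CertPathValidator.getInstance("PKIX").validate(path, params);
    }

    // Usage (paths are hypothetical): java CrlCheck ca.pem ca.crl client.pem
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate ca, client;
        X509CRL crl;
        try (InputStream in = new FileInputStream(args[0])) {
            ca = (X509Certificate) cf.generateCertificate(in);
        }
        try (InputStream in = new FileInputStream(args[1])) {
            crl = (X509CRL) cf.generateCRL(in);
        }
        try (InputStream in = new FileInputStream(args[2])) {
            client = (X509Certificate) cf.generateCertificate(in);
        }
        validate(client, ca, crl);
        System.out.println("OK: signed by CA and not revoked");
    }
}
```

Reloading the CRL file on a schedule shorter than its nextUpdate interval keeps the stale-CRL check from rejecting every client.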
