[
http://jira.jboss.com/jira/browse/JBWS-1814?page=all ]
Thomas Diesler updated JBWS-1814:
---------------------------------
Fix Version/s: jbossws-native-2.0.4
Dynamic Encryption based on clients input
-----------------------------------------
Key: JBWS-1814
URL:
http://jira.jboss.com/jira/browse/JBWS-1814
Project: JBoss Web Services
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: ws-security
Affects Versions: jbossws-1.2.1, jbossws-2.0.1
Reporter: Magesh Kumar B
Assigned To: Alessio Soldano
Fix For: jbossws-native-2.0.4
Let's say that Bob runs the web service and Alice has a client that uses the web
service. Now John would also like to use the web service. John would create:
johns.keystore
----------------
john - keyPair (pub+priv)
bob - trustedCertEntry (pub)
johns.truststore
----------------
john - trustedCertEntry (just john's public key)
In addition, Bob's keystore would be updated to:
bobs.keystore
----------------
bob - keyPair (public + private key)
alice - trustedCertEntry (just alice's public key)
john - trustedCertEntry (just john's public key)
This does not pose a problem for encrypting the request from the client side since both
Alice and John use Bob's public key to encrypt the message, and Bob of course uses his
pirvate key to decrypt the message. But how is the response message encrypted?
JBossWS apparently does not support multiple clients because the certificate used by the
server to encrypt the response is specified statically in jboss-wsse-server.xml.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira