[jbossws-issues] [JBoss JIRA] Updated: (JBWS-1814) Dynamic Encryption based on clients input

Thomas Diesler (JIRA) jira-events at lists.jboss.org
Mon Feb 18 03:20:28 EST 2008 

     [ http://jira.jboss.com/jira/browse/JBWS-1814?page=all ]

Thomas Diesler updated JBWS-1814:
---------------------------------

    Fix Version/s: jbossws-native-2.0.4

> Dynamic Encryption based on clients input
> -----------------------------------------
>
>                 Key: JBWS-1814
>                 URL: http://jira.jboss.com/jira/browse/JBWS-1814
>             Project: JBoss Web Services
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: ws-security
>    Affects Versions: jbossws-1.2.1, jbossws-2.0.1
>            Reporter: Magesh Kumar B
>         Assigned To: Alessio Soldano
>             Fix For: jbossws-native-2.0.4
>
>
> Let's say that Bob runs the web service and Alice has a client that uses the web service. Now John would also like to use the web service. John would create: 
> johns.keystore 
> ---------------- 
> john - keyPair (pub+priv) 
> bob - trustedCertEntry (pub) 
> johns.truststore 
> ---------------- 
> john - trustedCertEntry (just john's public key) 
> In addition, Bob's keystore would be updated to: 
> bobs.keystore 
> ---------------- 
> bob - keyPair (public + private key) 
> alice - trustedCertEntry (just alice's public key) 
> john - trustedCertEntry (just john's public key) 
> This does not pose a problem for encrypting the request from the client side since both Alice and John use Bob's public key to encrypt the message, and Bob of course uses his pirvate key to decrypt the message. But how is the response message encrypted?
> JBossWS apparently does not support multiple clients because the certificate used by the server to encrypt the response is specified statically in jboss-wsse-server.xml.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jbossws-issues mailing list