[xmlsec] newbie question - not including X509 certificate

Rich Salz rsalz at datapower.com
Fri Mar 12 15:31:11 PST 2004


> 1) Is it possible to store client's public key on our site and just
> use it to validate the signature without having to read extract it from SOAP
> head?

Yes.  Aleksey will have to answer with a pointer to the specific
APIs or CLI flags you'll need to use. :)

> 2) Is this recommended practice?

It's perfectly fine to avoid the certificate.  I would, however, ask
your signer to include *some* identifier, so that later on you can
handle multiple signers without breaking.  Even a simple dsig:KeyName.

        /r$

--
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html
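The key-selection step discussed in this message, as an added example that is not part of the original post and is not xmlsec code: the verifier treats dsig:KeyName only as a lookup hint into keys it already stores and ignores any certificate carried in the message. The signer names, file paths and the `select_local_key` helper are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DSIG}

# Constructed local key store: KeyName -> PEM public key provisioned out of
# band. Signer names and paths are hypothetical.
LOCAL_KEYS = {
    "client-a": "/etc/verifier/keys/client-a.pub.pem",
    "client-b": "/etc/verifier/keys/client-b.pub.pem",
}

class KeySelectionError(Exception):
    """Raised when no locally trusted key can be chosen for a message."""

def select_local_key(signed_xml, key_store=LOCAL_KEYS, default_name=None):
    """Return (key_name, key_path) for the single ds:Signature in signed_xml.

    ds:KeyName is used only as an index into key_store. ds:X509Data and
    ds:KeyValue in the message are never read, so a message cannot supply
    the key it is verified with.
    """
    root = ET.fromstring(signed_xml)
    sigs = list(root.iter(f"{{{DSIG}}}Signature"))
    if len(sigs) != 1:
        raise KeySelectionError(f"expected one Signature, found {len(sigs)}")
    names = [(n.text or "").strip()
             for n in sigs[0].findall("ds:KeyInfo/ds:KeyName", NS)]
    if len(names) > 1:
        raise KeySelectionError("more than one KeyName in KeyInfo")
    # A signer that sends no identifier falls back to the configured default.
    name = names[0] if names else default_name
    if not name:
        raise KeySelectionError("no KeyName and no default signer configured")
    if name not in key_store:
        raise KeySelectionError(f"unknown signer {name!r}")
    return name, key_store[name]

# Constructed sample: SOAP header signature carrying a KeyName and a cert.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
 <soap:Header>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
   <ds:KeyInfo>
    <ds:KeyName>client-b</ds:KeyName>
    <ds:X509Data><ds:X509Certificate>AAAA</ds:X509Certificate></ds:X509Data>
   </ds:KeyInfo></ds:Signature>
 </soap:Header><soap:Body/>
</soap:Envelope>"""

if __name__ == "__main__":
    print(select_local_key(SAMPLE))
```

The returned path is the only key the signature check should then be run against; the function selects a key and does not itself verify the signature.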