Return-Path: Delivered-To: apmail-cxf-users-archive@www.apache.org Received: (qmail 95419 invoked from network); 3 Nov 2008 19:16:45 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 3 Nov 2008 19:16:45 -0000 Received: (qmail 41019 invoked by uid 500); 3 Nov 2008 19:16:51 -0000 Delivered-To: apmail-cxf-users-archive@cxf.apache.org Received: (qmail 40598 invoked by uid 500); 3 Nov 2008 19:16:50 -0000 Mailing-List: contact users-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cxf.apache.org Delivered-To: mailing list users@cxf.apache.org Received: (qmail 40586 invoked by uid 99); 3 Nov 2008 19:16:50 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Nov 2008 11:16:50 -0800 X-ASF-Spam-Status: No, hits=2.6 required=10.0 tests=DNS_FROM_OPENWHOIS,SPF_HELO_PASS,SPF_PASS,WHOIS_MYPRIVREG X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of lists@nabble.com designates 216.139.236.158 as permitted sender) Received: from [216.139.236.158] (HELO kuber.nabble.com) (216.139.236.158) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Nov 2008 19:15:32 +0000 Received: from isper.nabble.com ([192.168.236.156]) by kuber.nabble.com with esmtp (Exim 4.63) (envelope-from ) id 1Kx4uL-0003Ri-BG for users@cxf.apache.org; Mon, 03 Nov 2008 11:16:13 -0800 Message-ID: <20308758.post@talk.nabble.com> Date: Mon, 3 Nov 2008 11:16:13 -0800 (PST) From: Rajeev jha To: users@cxf.apache.org Subject: Re: why would you use ws-security with certificates? In-Reply-To: <200811031232.36870.dkulp@apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Nabble-From: jha.rajeev@gmail.com References: <20268372.post@talk.nabble.com> <200811031232.36870.dkulp@apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Thanks a ton! I believe that for our requirements probably apache-SSL is good enough. There is only one target server , no intermediaries and transport is on HTTP only. Only hiccup maybe passing some info from client cert to web service code, like CN etc. dkulp wrote: > > > As Glen stated, WS-Security really has it's place when dealing with > intermediaries and such that may need to do limitted processing and/or > routing. Also, things like standard HTTP proxy servers can have issues > with transport level certs. > > If you use transports other than HTTP, another issue comes up. For > example, > soap over JMS. That would work fine with ws-security. > > Dan > > > On Friday 31 October 2008 11:33:21 am Rajeev jha wrote: >> Hi >> Please excuse my ignorance. I am trying to understand why would you use >> ws-security with certificates when you can do the client certificates >> authentication at the apache /web server level? >> >> So assuming that the web services are published from a web server >> (stand-alone tomcat or Apache proxying to tomcat) and you can use the web >> server itself to verify the clients, why use WS-security? what is the >> advantage? >> >> Thanks >> >> -rajeev. > > > > -- > Daniel Kulp > dkulp@apache.org > http://dankulp.com/blog > > -- View this message in context: http://www.nabble.com/why-would-you-use-ws-security-with-certificates--tp20268372p20308758.html Sent from the cxf-user mailing list archive at Nabble.com.