From: Ronald v. K. <rv...@ab...> - 2003-03-18 23:04:41
Yes, I know, this isn't too difficult either, assuming no strange things occur in Hermes. We've done this with jaxm (with the default sun jsse from jdk1.4) in several applications. (and ran into a strange padding bug with this jdk and verisign certificates)

-----Original Message-----
From: Mayne, Peter [mailto:Pet...@ap...]
Sent: Tuesday, 18 March 2003 22:49
To: 'ebx...@li...'
Subject: RE: [ebxmlms-develop] Client certificate authentication

Note that I'm referring to authentication where Hermes is the client, and must authenticate to another web server.

I already have client authentication at the server end working: I just put Apache in front of Tomcat and let it do all that (as well as HTTPS).

PJDM
--
Peter Mayne
Technology Consultant
Spherion Technology Solutions
Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602
T: 61 2 62689727 F: 61 2 62689777

-----Original Message-----
From: Ronald van Kuijk [mailto:rv...@ab...]
Sent: Wednesday, 19 March 2003 4:38 AM
To: 'ebx...@li...'
Subject: RE: [ebxmlms-develop] Client certificate authentication

It is not too difficult to switch from BA to Cert based authentication. Yes, sure, it takes a little more work, but mainly if you want it as a completely stand-alone application. For that reason running it in a servlet container (tomcat/jboss/bea/websphere) that does all these things for you makes it that much easier. One can refer to documentation of those containers to get it working. That is the way we want to go, including making use of connection pools that the server provides for us. Is that already possible? I did not look into that yet.

If you implement it using JAAS, everybody can choose the way they want to implement it, LDAP, flat-file, database fingerprint, whatever.

-----Original Message-----
From: Patrick Yee [mailto:kc...@ce...]
Sent: Tuesday, 18 March 2003 16:14
To: ebx...@li...
Subject: Re: [ebxmlms-develop] Client certificate authentication

Nope. Currently, Hermes does not support any HTTP level authentication. However, Hermes supports authentication in SMTP. :-)

So, we think we can add HTTP authentication. The question is: which level should Hermes support? Basic client authentication is simpler, but client certificate authentication definitely is the most secure method. But this involves more complicated development work as well as set up work when deploying Hermes (specifying certificates, alias, password, etc.).

What do you guys think?

Regards,
-Patrick

----- Original Message -----
From: Mayne, Peter
To: 'ebx...@li...'
Sent: Tuesday, March 18, 2003 01:10 PM
Subject: RE: [ebxmlms-develop] Client certificate authentication

I'm not sure if we'll be using certificates or something simpler (eg basic authentication). Does Hermes allow for client basic authentication?

PJDM