Re: [ebxmlms-develop] CertResolver questions

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
 <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
 <title></title>
</head>
<body>
Because we are not sure about the type of that parameter now. :-) 
 
Use of EbxmlMessage seems to be straightforward, but not secure enough.
What if both Client A and Client B are valid clients to Hermes, and bad
Client A wants to pretend to be Client B. He can generate a message
from Client B in the surface but triggers the CertResolver to use
Client A's private key to verify. Then Hermes will "think" that the
message is from Client B. 
 
So, if we have Remote object, which contains for example the remote
address, SSL client cert information, etc., it will be a better
candidate for resolving the certificate. Since we don't have that
object yet, we pass Object as key for compatibility. 
 
Regards, -Patrick 
 
 
Mayne, Peter wrote: 
<blockquote type="cite"
 cite="mid...@s-...">
 <meta http-equiv="Content-Type" content="text/html; ">
 <meta name="Generator"
 content="MS Exchange Server version 5.5.2654.45">
 <title>CertResolver questions</title>
 Why does CertResolver.resolve() take an Object
parameter rather than an EbxmlMessage? 
 PJDM 
 -- 
 Peter Mayne 
 Technology Consultant 
 Spherion Technology Solutions 
 Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 
 T: 61 2 62689727&nbsp; F: 61 2 62689777 
 
 <pre>The information contained in this email and any attachments to it:

(a) may be confidential and if you are not the intended recipient, any interference with, 
use, disclosure or copying of this material is unauthorised and prohibited; and

(b) may contain personal information of the recipient and/or the sender as defined 
under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to 
collect, hold and use such information and any personal information contained in a 
response to this email, for any reasonable purpose in the ordinary course of 
Spherion's 
business, including forwarding this email internally or disclosing it to a third party. All 
personal information collected by Spherion will be handled in accordance with 
Spherion's Privacy Policy. If you have received this email in error, please notify the 
sender and delete it.

(c) you agree not to employ or arrange employment for any candidate(s) supplied in 
this email and any attachments without first entering into a contractual agreement with 
Spherion. You further agree not to divulge any information contained in this document 
to any person(s) or entities without the express permission of Spherion.

  </pre>
  </font>
  <pre wrap="">
<hr width="90%" size="4">
The information contained in this email and any attachments to it:

(a) may be confidential and if you are not the intended recipient, any interference with, 
use, disclosure or copying of this material is unauthorised and prohibited; and

(b) may contain personal information of the recipient and/or the sender as defined 
under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to 
collect, hold and use such information and any personal information contained in a 
response to this email, for any reasonable purpose in the ordinary course of 
Spherion's 
business, including forwarding this email internally or disclosing it to a third party. All 
personal information collected by Spherion will be handled in accordance with 
Spherion's Privacy Policy. If you have received this email in error, please notify the 
sender and delete it.

(c) you agree not to employ or arrange employment for any candidate(s) supplied in 
this email and any attachments without first entering into a contractual agreement with 
Spherion. You further agree not to divulge any information contained in this document 
to any person(s) or entities without the express permission of Spherion.
 </pre>
</blockquote>
</body>
</html>