From: Patrick Y. <kc...@ce...> - 2003-06-13 09:52:52
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
<title></title>
</head>
<body>
<blockquote type="cite" cite="mid...@s-..."><span class="732103823-11062003">
<div><font face="Arial" size="2"><span class="732103823-11062003"><font color="#0000ff"><font face="Times New Roman" size="3">If the certificates of all clients will be stored in a centralized place, e.g. a centralized keystore, it's ok to have a global one. But if the certificates are to be managed by the applications in a distributed way, the CertResolver implementation will be different for different applications.</font><br>
</font></span></font></div>
<span class="732103823-11062003">
<div><span class="732103823-11062003"><font face="Arial" size="2">My CertResolver implementation would work like this:</font></span></div>
<div><font face="Arial" size="2">Each ASP client has their own keystore of trusted certificates. (The keystore can be managed by the client, or by the ASP on behalf of the client.) Each keystore is stored on the <span class="732103823-11062003">MSH server</span>. When a message arrives, the CertResolver looks at the message header, selects the right keystore<span class="732103823-11062003"> based on the CpaId</span>, and uses it to get the right certificate.</font></div>
<div> </div>
<div><span class="732103823-11062003"><font face="Arial" size="2">Can you please give an example of why different CertResolver implementations are required? As far as I can see, this CertResolver would work in all cases.</font></span></div>
<div><span class="732103823-11062003"> </span></div>
<div><span class="732103823-11062003"></span><font face="Arial" size="2"></font></div>
</span></span></blockquote>
<br>
Yes, "<span class="732103823-11062003"><font face="Arial" size="2"><span class="732103823-11062003"><font color="#0000ff"><font face="Times New Roman" size="3">If the certificates of all clients will be stored in a centralized place, e.g. a centralized keystore, it's ok to have a global one.<font color="#000000">" Your example also works with a global CertResolver. :-)<br>
<br>
An example of when different CertResolver implementations are needed: ASP clients manage their own keystore. Some may use a keystore file to store the certificates, some may use an LDAP repository, some may use a certificate server, etc. We don't know in general where the ASP client would like to store the key. Therefore, we propose to build that part as a hook also.<br>
</font></font></font></span></font></span><br>
Regards, -Patrick<br>
<br>
</body>
</html>
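The design discussed in this exchange, as an added Java example that is not part of the original messages or of the project's code: a global resolver that routes on the CpaId to a per-client backend, with a keystore-file backend as one pluggable certificate source. The `CertResolver` signature, the `alias` parameter, and the class names `KeystoreFileResolver` and `RoutingCertResolver` are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Map;

// Hypothetical hook signature; the thread does not show the real interface.
interface CertResolver {
    X509Certificate resolve(String cpaId, String alias) throws GeneralSecurityException;
}

// One possible backend: a keystore file kept on the MSH server for a single client.
final class KeystoreFileResolver implements CertResolver {
    private final Path keystore;
    private final char[] password;
    KeystoreFileResolver(Path keystore, char[] password) {
        this.keystore = keystore;
        this.password = password.clone();
    }
    public X509Certificate resolve(String cpaId, String alias) throws GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(keystore)) {
            ks.load(in, password);
        } catch (IOException e) {
            throw new GeneralSecurityException("cannot read keystore", e);
        }
        Certificate c = ks.getCertificate(alias);
        if (!(c instanceof X509Certificate)) {
            throw new GeneralSecurityException("no X.509 certificate for alias");
        }
        ((X509Certificate) c).checkValidity(); // reject expired or not-yet-valid certificates
        return (X509Certificate) c;
    }
}

// Global entry point: routes on the CpaId to whichever backend that client registered.
final class RoutingCertResolver implements CertResolver {
    private final Map<String, CertResolver> backends; // fixed at deployment, not per message
    RoutingCertResolver(Map<String, CertResolver> backends) { this.backends = Map.copyOf(backends); }
    public X509Certificate resolve(String cpaId, String alias) throws GeneralSecurityException {
        // The CpaId is sender-supplied: use it only as a lookup key, never to build a path.
        CertResolver backend = (cpaId == null) ? null : backends.get(cpaId);
        if (backend == null) throw new GeneralSecurityException("no certificate source for this CpaId");
        return backend.resolve(cpaId, alias);
    }
}
```

An LDAP or certificate-server backend would implement the same interface and be registered in the map under its client's CpaId.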