
dotnet web services enhancements : WSE3.0 with X.509 Certificate authentication


suresh.csharp NO[at]SPAM gmail.com
4/19/2006 2:38:39 PM
Hi,
I am trying to implement web services with WSE 3.0 and X.509
certificate authentication. I have gone through the WSE quick start
examples. They look very impressive.

I have a couple of questions on X.509 certificates.

In the WSE 3.0 quick start message-layer X.509 example, we are
using an X.509 certificate for the client-side application with
CN="WSE2QuickStartClient". We have 50 clients installed on different
machines. Do we need to create 50 X.509 certificates with
CN="WSE2QuickStartClient" from the same CAs, or can we distribute only
one client X.509 certificate to all 50 clients?

If we go with X.509 certificate authentication, other platforms like
Delphi and Java are compatible, right? If we give them the X.509 service
certificate public key, they can talk to our web services, right?
Even they have to get a client-side X.509 certificate from the CAs with the same
CN="" mentioned in the service's policy.

Each client X.509 certificate needs to be installed manually before
talking to the web services.


Thank you!
Suresh

suresh.csharp NO[at]SPAM gmail.com
4/20/2006 11:36:54 AM
Hi Pablo Cibraro,
Thanks for your quick response.
1. Does UsernameOverCertificateAssertion work across platforms
like Java and Delphi?

2. Which one is recommended for cross-platform web services: X.509
authentication or UsernameOverCertificateAssertion?

3. Is it possible for .NET 1.1 applications without WSE to
talk to web services which are implemented with WSE 3.0?


Thank you!
Suresh

Pablo Cibraro
4/20/2006 12:16:23 PM
Hi Suresh,

1. Do we need to create 50 X.509 certificates with
CN="WSE2QuickStartClient" from the same CAs, or can we distribute only
one client X.509 certificate to all 50 clients?

If you want to identify each client in a different way, for example,
Client1, Client2, Client3, etc., you will have to install a different
certificate for each one.
If you do not care about that, and it is possible for you to treat the
clients in the same way, you can install one certificate for all of them.

Another approach is to use a UsernameOverCertificateAssertion. In that case,
you only need to distribute the public key of your service certificate, and
you can still distinguish each user.

2. If we go with X.509 certificate authentication, other platforms like
Delphi and Java are compatible, right?

Yes, it is compatible.

3. If we give them the X.509 service certificate public key, they can talk to our web
services, right?

Yes, that is correct.

4. Each client X.509 certificate needs to be installed manually before
talking to the web services.

Yes, that is correct.

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
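
Added example, not part of the original thread and not WSE 3.0 code: a small service-side registry that shows what answer 1 above means in practice, comparing one certificate per machine with one certificate shared by all 50. `ClientRegistry`, the machine names and the self-signed certificates are assumptions made for illustration; `CertificateRequest` requires .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example: ClientRegistry and the machine names are hypothetical, not WSE 3.0 types.
class ClientRegistry
{
    // Certificate thumbprint -> machines that hold the matching private key.
    private readonly Dictionary<string, List<string>> holders = new Dictionary<string, List<string>>();

    public void Enroll(string machine, X509Certificate2 cert)
    {
        if (!holders.TryGetValue(cert.Thumbprint, out var list))
            holders[cert.Thumbprint] = list = new List<string>();
        list.Add(machine);
    }

    // Revoking a certificate locks out every machine enrolled with it; returns how many.
    public int Revoke(X509Certificate2 cert)
    {
        int affected = holders.TryGetValue(cert.Thumbprint, out var list) ? list.Count : 0;
        holders.Remove(cert.Thumbprint);
        return affected;
    }

    // What the service can attribute a message to, given only the presented certificate.
    public string Identify(X509Certificate2 presented) =>
        !holders.TryGetValue(presented.Thumbprint, out var list) ? "rejected (unknown or revoked)"
        : list.Count == 1 ? list[0] : "one of " + list.Count + " machines";
}

static class Demo
{
    // Constructed sample input: a throwaway self-signed certificate stands in for a CA-issued one.
    static X509Certificate2 MakeCert(string cn) =>
        new CertificateRequest("CN=" + cn, RSA.Create(2048), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
            .CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

    static void Main()
    {
        var reg = new ClientRegistry();
        var own = MakeCert("Client1");                 // issued to one machine only
        var shared = MakeCert("WSE2QuickStartClient"); // same certificate and key copied to 50 machines
        reg.Enroll("Client1", own);
        for (int i = 1; i <= 50; i++) reg.Enroll("Machine" + i, shared);
        Console.WriteLine(reg.Identify(own));          // attributable to a single machine
        Console.WriteLine(reg.Identify(shared));       // attributable only to the group
        Console.WriteLine("Revoking Client1's certificate locks out: " + reg.Revoke(own));
        Console.WriteLine("Revoking the shared certificate locks out: " + reg.Revoke(shared));
    }
}
```

With per-machine certificates, a lost or compromised machine costs one revocation and one reissue; with the shared certificate the same event means replacing the certificate on every machine that holds it.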



Pablo Cibraro
4/21/2006 10:33:51 AM
1. Yes, it is completely recommended for working across platforms.
2. Both are the same.
3. If the Web Services are secure, you will have to create your own
framework to apply message security to the messages. WSE 2.0 runs on .NET
1.1 but it is not compatible with WSE 3.0.

I recommend you take a look at this project on GDN; it is about
interoperability between different vendors such as Microsoft, IBM, Novell,
SAP, etc.

http://practices.gotdotnet.com/projects/wsibsp

Regards,
Pablo.
