For explaining my situation, I will start with an example. Let's say there are two WS(WebService) clients A & B with trusted certificates. Now in normal excecution when both A & B make a call to WAS(Websphere application server) through SSL where my WebServices reside, WAS trusts both of them because of their trusted certificates and alows access to required WS. What we like to have is to allow only A not B to access WS on WAS, so after certificates verification is it possible to extracts user info (from WAS admin or Java way)which will be mapped to role defined in WAS for accessing WS
views:
335answers:
3Sounds like rather than programming this into the application you could just use a revocation model instead. SSL was designed so that a certificate authority (presumably you in this case) could revoke certificates, so why not use that instead?
It's difficult to give you any concrete advice without knowing what platform you're on or how you're doing all your SSL connections and such, but setting up a central CA that signs all the certs that go out and maintaining a revocation list sounds like it would work just fine. You wouldn't need to add anything to the application either (other than dropping non-valid SSL connections).
Hi Bob, Thanks 4 ur reply. I have set this on J2EE platform on WebSphere Application Server. I have created self-signed certificates for client application and WebService deployed at WAS, added these certs to opposite side's trusted zone(for client at serer side n vice-versa). Can you please tell me more about this revocation model n related concepts, if u have some useful links would really help.
Thanks,
I would rephrase my problem.
from WebService client A the user would map to a role say RoleA and from WS B the role gets mapped to RoleB. Now at Server side the operation for these clients should be role based. So, wanted to extract user specific information from the certificates of the client coming to Server so as to map them with a role for further operation at server which will be role specific.
Thank,