tags:

views:

157

answers:

0
Q: 

Federated security scenario with HTTPS

I'm planning to build a set of web services which are going to use geneva-based custom STS to authenticate users. Both STS and relying services will belong to the same party, so the whole goal of going to federated security is providing Single Sign-On point and retrieving all the authorization information only once. Both STS and relying services will be accessed via HTTPS.

So my questions are:

  1. Seems perfectly ok to use the same certificate for both signing and encrypting security token. Am I right?

  2. Is it possible to use the same certificate for both providing SSL, encrypting and signing the token? According to http://weblogs.asp.net/cibrax/archive/2006/11/17/x509-certificates-for-wse-and-wcf-part-2.aspx, certificates required for WCF seem to have broader set of attributes then that of SSL certificates and hence may be used for all these purposes. Is that true?

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?