posted 20 years ago
I want to implement the following security transaction using AXIS.
Is it possible? If it is not, why?
1. Client creates a message that is a parameter of the web service call.
2. Client encrypts the payload of the message using the server public key.
3. Client adds a digital signature to the message using an X.509 managed certificate. (It should be performed automatically for all outgoing client messages.)
4. Client establishes a secure SSL connection to the server.
5. Client calls the appropriate web service using HTTPS.
6. Server checks the digital signature of the input message. (It should be performed automatically for all incoming server messages.)
7. Server decrypts the payload of the message using the server private key.
8. Server processes the message and creates a reply message.
9. Server encrypts the message using its own private key.
10. Server attaches a digital signature to the message. (It should be performed automatically for all outgoing server messages.)
11. Server returns the response message back to the client.
12. Client checks the server digital signature. (It should be performed automatically for all incoming client messages.)
13. Client decrypts the payload of the message using the server public key.
The scenario above represents the highest level of security protection. It assumes that messages are protected by a set of security keys:
1. Digital signature to authenticate the server when establishing the SSL connection.
2. Digital signature to authenticate the client when establishing the SSL connection.
3. Asymmetric key pair to encrypt SSL traffic between client and server.
4. Digital signature to be added to all outgoing messages on the client side.
5. Digital signature to be added to all outgoing messages on the server side.
6. Asymmetric key pair to encrypt/decrypt the payload of the messages.
Sorry, it is probably too long. Has somebody implemented something similar in practice?
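
The request leg of the scheme above (steps 2, 3, 6 and 7), as an added example in plain Java JCE; it is not part of the original post and is not Axis code. It assumes freshly generated RSA key pairs in place of the X.509 certificates and wraps a per-message AES key with the server public key, because RSA cannot encrypt a payload of arbitrary length directly; the class name and the sample payload are constructed.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class SignedEncryptedRequest {
    // Feeds the wrapped key and IV (both fixed length here), then the ciphertext, into s.
    static Signature over(Signature s, byte[]... parts) throws SignatureException {
        for (byte[] p : parts) s.update(p);
        return s;
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pairs (assumption); in the post they belong to X.509 certificates.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair client = kpg.generateKeyPair(), server = kpg.generateKeyPair();
        byte[] payload = "<order id=\"42\"/>".getBytes(StandardCharsets.UTF_8); // constructed

        // Step 2 (client): AES-GCM under a fresh key; the key is wrapped with the server public key.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey cek = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, cek, new GCMParameterSpec(128, iv));
        byte[] body = aes.doFinal(payload);
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, server.getPublic());
        byte[] wrapped = rsa.doFinal(cek.getEncoded());
        // Step 3 (client): sign the wrapped key, IV and ciphertext with the client private key.
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(client.getPrivate());
        byte[] sig = over(s, wrapped, iv, body).sign();

        // Step 6 (server): check the signature before touching the ciphertext.
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(client.getPublic());
        if (!over(v, wrapped, iv, body).verify(sig)) throw new SecurityException("bad signature");
        // Step 7 (server): unwrap the AES key with the server private key, then decrypt.
        rsa.init(Cipher.DECRYPT_MODE, server.getPrivate());
        aes.init(Cipher.DECRYPT_MODE, new SecretKeySpec(rsa.doFinal(wrapped), "AES"), new GCMParameterSpec(128, iv));
        System.out.println(new String(aes.doFinal(body), StandardCharsets.UTF_8));
        // A message modified in transit must fail the step 6 check.
        body[0] ^= 1;
        v.initVerify(client.getPublic());
        System.out.println("tampered verifies: " + over(v, wrapped, iv, body).verify(sig));
    }
}
```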