Re: Commercial Certificate
- From: Cormac <Cormac@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 2 Aug 2005 03:46:03 -0700
Hi just me again
Excellent point Julie, have seen some of your posts, blog and I think some
articles you may have written. I still think William's implementation is the
best solution I have seen anywhere because certificates are messy to set up
on client machines where in William's scenario strong named assemblies are
used I have found
they are far more simple to enable. Plus the whole point of Secure
Conversation is that it is far easier to implement and not restricted like SSL
in its capacity for just endpoint to endpoint encryption. I.E. what if more
hops are required in the solution.
I have been playing with the new WSE 3.0, the implementation of MTOM and the
turnkey scenarios are excellent but very disappointed that still no choice
for someone who DOES NOT WANT TO USE X509 certificates, Kerberos, or SSL and
just plain jane (sorry only jane I knew wasn't very plain) solution like what
William has come up with that is super powerful as well as being simple.
Cheers
Cormac
"Julie Lerman" wrote:
> wow - some storm. The power just came back on! <G>
>
> Anyway...
>
> depending on your scenario, you don't always need the clients to have their
> own certificates, though you definitely want one on the server. Typical
> scenario is if the clients are being authenticated either on the intranet
> using their windows logins or over the web with a login/password against a
> database. You can use something like a secure conversation and get all of
> the encryption and signing. There are situations where this might mean
> encrypting and signing with a usernametoken which is possible but not
> recommended - and if you are talking about WSE2.0 (assuming this to be the
> case) and considering using the username tokens - definitely check Keith
> Brown's article about using them safely. (you should find that right on the
> msdn web services (Securing the Username Token with Web Services
> Enhancements 2.0 ) at msdn.microsoft.com/webservices/buildling/wse.
>
> You really have to figure out what it is you want and need to accomplish in
> your application (on both ends) and then you can decide how you want to put
> the pieces together. It is a little complicated which is why in WSE3.0, they
> have gone to a model of selecting the entire scenario from one end to the
> other and back again, rather than determining what you want the client to do
> and then separately determining what you want the server to do. That's the
> new turnkey security scenarios.
>
> Anyway - I hope this helps a little, and if you want to explain what your
> scenario is, I can try to help you figure out where you need what types of
> certificates. Also, if you are able to move right to WSE3.0 (which means
> using VS2005 and also not deploying until late fall) then a lot of these
> things will be much easier.
>
> Julie Lerman
>
> "Julie Lerman" <jlermanATNOSPAMPLEASEthedatafarm.com> wrote in message
> news:uskaHHulFHA.3380@xxxxxxxxxxxxxxxxxxxxxxx
> > Guys-
> > Do you NEED certificates on all of the clients?
> > The most common scenario is to get a web server certificate. This confused
> > me at first because there is "no such thing" at verisign/thawte etc. They
> > are SSL Certificates!!
> >
> > oops there's lightning!!!
> > gotta shut down
> > more later
> > julie lerman
> > "Alex Trebek" <trebek@xxxxxxxxxxxxxx> wrote in message
> > news:b22b9$42e690f2$d844140d$3594@xxxxxxxxxxx
> >> Excellent!! -- Thanks!!!
> >>
> >> Alex
> >>
> >>
> >> "Cormac" <Cormac@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> news:510627EC-8DE6-4662-8204-FEFAF5D20539@xxxxxxxxxxxxxxxx
> >>> Hi Alex/Sam
> >>>
> >>> I was in a similar situation since I didn't want to even use X509
> >>> certificates tried to find a resolution to using X509 certificates since
> >>> you
> >>> have to install them on all client machines, if you get them from a
> >>> certificate authority they cost a packet. If you create your own then
> >>> you
> >>> have to create your own certificate authority and issue them through one
> >>> of
> >>> the Microsoft servers (forgot the name). Until I found William Stacey's
> >>> (Cool
> >>> Guy) blog.
> >>>
> >>> http://spaces.msn.com/members/staceyw/Blog/cns!1pnsZpX0fPvDxLKC6rAAhLsQ!268.entry
> >>>
> >>> He was mad enough to come up with a solution that uses Security Context
> >>> Tokens or Secure Conversation as many people call it that allows the
> >>> developer to develop a Security Context Token Service that issues
> >>> Security
> >>> Context Tokens to clients and encrypt and sign each SOAP message without
> >>> using X509 certificates.
> >>>
> >>> He uses strong naming on each assembly to create a Public and Private
> >>> key
> >>> just like in X509 certificates to create a Symmetric key to be used by
> >>> both
> >>> endpoints.
> >>>
> >>> I have implemented it with WSE 2.0 SP 3 and am upgrading it to Beta 2, I
> >>> would strongly recommend it instead of using X509 certificates why
> >>> throw
> >>> money and a lot of frustration away on X509 certificates when this is free
> >>> and
> >>> better in my humble opinion.
> >>>
> >>> Cormac
> >>>
> >>> "Alex Trebek" wrote:
> >>>
> >>>> If anyone has some insight here, I'd appreciate it as well.. Verisign
> >>>> was not
> >>>> much help by phone either. Their own certificate issuing service
> >>>> (there are
> >>>> many links to it and a trial offer on their site) generates
> >>>> certificates
> >>>> that work fine (from my trials with their service) but I don't think
> >>>> we'll
> >>>> have the budget for that so I am also in the position of the OP.
> >>>>
> >>>> Thanking anyone who might be able to help,
> >>>>
> >>>> Alex
> >>>> "Sam" <bytecode@xxxxxxxxxxxx> wrote in message
> >>>> news:%23yuaaWakFHA.2852@xxxxxxxxxxxxxxxxxxxxxxx
> >>>> > Has anyone used WSE with a commercially issued certificate from
> >>>> > a CA ?
> >>>> >
> >>>> > Where do I get a CA X.509 cert from.. couldn't find any link on
> >>>> > Verisign's site.
> >>>> >
> >>>> > Thanks
> >>>> > /s
> >>>>
> >>>>
> >>>>
> >>
> >>
> >
> >
>
>
>