Dynamic Key Stores Configuration and STS
With Metro security, service and user certificates and keys can be managed dynamically by configuring callback handlers for the key store and the trust store:
<sc:KeyStore xmlns:sc="http://schemas.sun.com/2006/03/wss/server"
callbackHandler="common.KeyStoreCallbackHandler" alias="wssip"/>
<sc:TrustStore xmlns:sc="http://schemas.sun.com/2006/03/wss/server"
callbackHandler="common.TrustStoreCallbackHandler"/>
See Kumar's blog for more details.
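A sketch of what a handler named in the KeyStore element above could look like. This is an added example, not code from the original post or from Metro. It assumes Metro passes KeyStoreCallback and PrivateKeyCallback (package com.sun.xml.wss.impl.callback) to the handler; the two system property names are hypothetical.

```java
package common;

import java.io.*;
import java.security.*;
import javax.security.auth.callback.*;
import com.sun.xml.wss.impl.callback.KeyStoreCallback;
import com.sun.xml.wss.impl.callback.PrivateKeyCallback;

// Added example; the class name matches callbackHandler="common.KeyStoreCallbackHandler".
public class KeyStoreCallbackHandler implements CallbackHandler {
    // Hypothetical system property names, not defined by Metro.
    private static final String PATH_PROP = "example.keystore.path";
    private static final String PASS_PROP = "example.keystore.password";

    private static String required(String prop) throws IOException {
        String value = System.getProperty(prop);
        if (value == null) throw new IOException(prop + " is not set");
        return value;
    }

    // Reads the store from disk on every call, so replaced keys are picked up.
    private static KeyStore load(char[] password) throws IOException, GeneralSecurityException {
        try (InputStream in = new FileInputStream(required(PATH_PROP))) {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(in, password);
            return ks;
        }
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        char[] password = required(PASS_PROP).toCharArray();
        try {
            for (Callback cb : callbacks) {
                if (cb instanceof KeyStoreCallback) {
                    ((KeyStoreCallback) cb).setKeystore(load(password));
                } else if (cb instanceof PrivateKeyCallback) {
                    PrivateKeyCallback pk = (PrivateKeyCallback) cb;
                    // Assumption: the key entry uses the same password as the store.
                    Key key = load(password).getKey(pk.getAlias(), password);
                    if (!(key instanceof PrivateKey)) throw new IOException("no private key for alias");
                    pk.setKey((PrivateKey) key);
                } else {
                    throw new UnsupportedCallbackException(cb); // fail closed on unknown callbacks
                }
            }
        } catch (GeneralSecurityException e) {
            throw new IOException("key store access failed", e);
        }
    }
}
```

The store password is read from configuration rather than compiled in, and any callback type the handler does not recognise is rejected instead of silently ignored.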
This dynamic mechanism can also be used with a Metro-based STS.
For an STS, the keys and certificates of the STS and of the trusted service providers are used not only to secure the messages, but also in the STS layer to protect the issued tokens:
1. The certificate and private key of the STS need to be used to sign issued tokens.
2. The certificate of each registered service provider needs to be used to encrypt the proof key and/or the issued token itself for the targeted service provider.
Originally, an issue prevented this from working on the STS side. It is now fixed and should work fine.
Posted at 01:12PM Feb 26, 2009 by jiandongg in Sun