[xmlsec] newbie question - not including X509 certificate
Insoo.Lee at gs.com
Fri Mar 12 15:20:30 PST 2004
We are looking to receive signed SOAP message from our client.
We like to conform to WS-Security as much as possible while using Apache XML
A question is:
Since we have only one client sending us the message, we would like to
eliminate the overhead of keeping X509 certificate in the SOAP message.
1) Is it possible to store client's public key on our site and just
use it to validate the signature without having to read extract it from SOAP
2) Is this recommended practice?
More information about the xmlsec