Hi,

it's not directly related to SWS, but to WS-Security. I hope this is okay.

If i'm using certificates to sign and encrypt my SOAP-Messages, is this really good for clients applications?

I mean, a person which want to work with my WebService needs his own certificate.
How can i explain a person (secretary, warehouseman, ...) which isn't very good in computer things, what it is and how to get it? Isn't the certificate thing to complex for people?

That's why i think about to use the normal digest-way for my web service - the username/password princip understands every one.

What do you think?

Cheers,

Ingo