If you are writing application code, you shouldn't care about WS-Policy (and WS-Security), you only care about WSDL. The underlying infrastructure (e.g. a security gateway) should take care about this for you.
However, it you are writing the intermediary code doing infrastructrure processing, then you shouldn't care about WSDL. Instead you should deal with WS-Policy which is a less mature area (you probably need to do some proprietary policy exchange handshaking).
Rgds, Ricky
At 12:58 PM 1/9/2004 -0800, Shantanu Sen wrote:
Please point me to the correct forum if you know where I should post this question.
As far as I know, currently there is no extension in WSDL for WS-Security. In other words, looking at a WSDL there is no way to figure out if the service expects security information as specified in WS-Security in the header/body of the SOAP envelope.
If this is true, how does a client know how to send the correct SOAP message to the service i.e. how does it know to add the required security info?
Thanks for any info regarding this.
Shantanu Sen
