WSDL Binding have some extensibility that you can declare which part to encrypt. But I probably will go with another route, describe as follows ...
There is a WSDL and WS-Policy, which part to be encrypted will be described in the WS-Policy.
The communication path will look like ... ClientApp -> ClientSideGateway -> Network -> ServerSideGateway -> ServerApp
ClientApp & ServerApp - cares only WSDL ClientSideGateway & ServerSideGateway - cares only WS-Policy
Rgds, Ricky
At 01:30 PM 1/9/2004 -0800, Shantanu Sen wrote:
Suppose I have a method that I want to expose as a web-service. I can generate a WSDL that describes the service end-point, format etc. Supppose I expect that one or more parameters of this method will be encrypted , and my service will also return an encrypted string which I expect the client to decrypt.
How would I go about describing this to the client? Clearly, I need to supply something more than a WSDL document to the client. Even if the client has an underlying infrastructure (e.g. a security gateway) it needs some sort of information. Does WS-Policy provide that?
Thanks, Shantanu Sen --- Ricky Ho <[EMAIL PROTECTED]> wrote: > There is a nice separation between application > processing and > infrastructure processing. WSDL describes the > former and WS-Policy > describe the later. > > If you are writing application code, you shouldn't > care about WS-Policy > (and WS-Security), you only care about WSDL. The > underlying infrastructure > (e.g. a security gateway) should take care about > this for you. > > However, it you are writing the intermediary code > doing infrastructrure > processing, then you shouldn't care about WSDL. > Instead you should deal > with WS-Policy which is a less mature area (you > probably need to do some > proprietary policy exchange handshaking). > > Rgds, Ricky > > At 12:58 PM 1/9/2004 -0800, Shantanu Sen wrote: > >Please point me to the correct forum if you know > where > >I should post this question. > > > >As far as I know, currently there is no extension > in > >WSDL for WS-Security. In other words, looking at a > >WSDL there is no way to figure out if the service > >expects security information as specified in > >WS-Security in the header/body of the SOAP > envelope. > > > >If this is true, how does a client know how to send > >the correct SOAP message to the service i.e. how > does > >it know to add the required security info? > > > >Thanks for any info regarding this. > > > >Shantanu Sen >
