All,

If I use a reference to a subject key identifier I get the following on
the wire:

...
<wsse:SecurityTokenReference><wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIID6TCCA1KgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBoDELMAkGA1UEBhMCQ0gxDTALBgNVBAgT
BEJlcm4xDTALBgNVBAcTBEJlcm4xEzARBgNVBAoTCml0U2VydmUgQUcxGDAWBgNVBAsTD0xvaG5z
dGFuZGFyZC1DSDEcMBoGA1UEAxMTUmVmQXBwIFBJViBSZWNlaXZlcjEmMCQGCSqGSIb3DQEJARYX
bG9obnN0YW5kYXJkQGl0c2VydmUuY2gwHhcNMDQwNzAyMDkwMzU3WhcNMDUwNzAyMDkwMzU3WjCB
....y0PZksq
+C8tEO3Xjukv83CklYo6KELoH83sBJBmiXFQs8ClGmBejn/RLnp</wsse:KeyIdentifier></wsse:SecurityTokenReference>
</ds:KeyInfo>
...

Per the X.509 Certificate Token Profile (section 3.2.1) the ValueType
attribute must be
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier
and should contain the encoded SubjectKeyIdentifier of the certificate and not
the entire certificate as above.


Is this a bug or am I wrong?

Yves
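
Added example, not part of the original message and not the toolkit's own code: a small check that flags a wsse:KeyIdentifier whose ValueType is not #X509SubjectKeyIdentifier or whose decoded content has the outer shape of a whole DER certificate, following the profile rule cited above. The function names, the 64-byte threshold and the sample payloads are assumptions constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET  # for untrusted messages use a hardened parser (e.g. defusedxml)

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"
SKI_TYPE = PROFILE + "#X509SubjectKeyIdentifier"
X509V3_TYPE = PROFILE + "#X509v3"


def is_whole_der_sequence(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE, the outer shape of a certificate."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short-form length
        return len(data) == 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")


def check_key_identifier(str_xml: str) -> list:
    """Return findings for every wsse:KeyIdentifier in a SecurityTokenReference."""
    findings = []
    for kid in ET.fromstring(str_xml).iter("{%s}KeyIdentifier" % WSSE):
        value_type = kid.get("ValueType", "")
        raw = base64.b64decode("".join((kid.text or "").split()))
        if value_type != SKI_TYPE:
            findings.append("ValueType is not #X509SubjectKeyIdentifier: " + value_type)
        # Heuristic (assumption): an SKI is short, usually a 20-byte hash.
        if len(raw) > 64 and is_whole_der_sequence(raw):
            findings.append("content is a %d-byte DER SEQUENCE, not an SKI" % len(raw))
    return findings


def sample_str(value_type: str, payload: bytes) -> str:
    """Build a constructed SecurityTokenReference around the given payload."""
    return ('<wsse:SecurityTokenReference xmlns:wsse="%s"><wsse:KeyIdentifier ValueType="%s">%s'
            '</wsse:KeyIdentifier></wsse:SecurityTokenReference>'
            % (WSSE, value_type, base64.b64encode(payload).decode()))


CERT_SHAPED = b"\x30\x82\x01\x00" + bytes(256)  # constructed: DER header + filler, not a real cert
SKI_20 = bytes(range(20))                        # constructed 20-byte identifier

if __name__ == "__main__":
    print(check_key_identifier(sample_str(X509V3_TYPE, CERT_SHAPED)))
    print(check_key_identifier(sample_str(SKI_TYPE, SKI_20)))
```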
