Martin, this "Signature with UsernameToken" functions was more or less reverse engineered, we hadn't any specification at hand. Therefore it could be that some actions/behaviour is not completely correct.
Do you have, by any chance, the original specification? Does anybody who reads the mail has the "official" spec for this function? Regards, Werner > -----Ursprüngliche Nachricht----- > Von: Werner Dittmann [mailto:[EMAIL PROTECTED] > Gesendet: Donnerstag, 16. Juni 2005 22:54 > An: [EMAIL PROTECTED] > Cc: [email protected] > Betreff: Re: How to configure UsernameTokenSignature > > > Martin, > > thats the way it works. Its nit a very secure way, but > the security is achived by the way the secrect key used > to sign is produced. > > This is a spec that Microsoft uses. The secret key is > composed of the password, the created timestamp, a fixed > text string and a nonce (random number). It is not > save to use this key for encryption but is fair enough > to use it for signature because the created time and the nonce > changes for every signature. > > With this technique you can only prove that the document was > not modified during transfer, but not prove that it comes from > a specific client. To do so the client as well as the server > needs to keep trak of the secret keys. The application (server) > can do this because all necessary information is deliverd > to the service. > > This is not done yet for the client. > > Regards, > Werner > > Martin Stemplinger schrieb: > > Werner Dittmann schrieb am 06/11/2005 09:24 AM: > > > >> For an example how to use it and how the action parameters shall be > >> used pls have a look into the interop/**/oasis/ directories and in > >> the files client_deploy.wsdd and ping/deploy.wsdd. The scenario > >> ping2a is the correct one. > >> > >> Regards, > >> Werner > >> > > Werner, > > > > with your kind help I got it working. Thanks! But I'm a bit > surprised > > that client uses a cleartype password even though I gave > the parameter > > to use PasswordDigest. Is this a bug or feature? > > > > Cheers > > Martin > > > >
