Hi Joe, Yes, Rampart supports WS-SecureConversation specification. Please refer to the Sample-04 of the Rampart binary distribution[1].
Thanks, Thilina [1] - http://axis.apache.org/axis2/java/rampart/download.html Thilina Mahesh Buddhika http://blog.thilinamb.com On Thu, Jan 13, 2011 at 1:42 AM, Joe Nromberg <[email protected]> wrote: > Hello, > > The WS-SecureConversation standard at > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation-1.3-os.html > mentions > the following as a way to create a security context token in Section 3: > > Security context token created by one of the communicating parties and > propagated with a message – The initiator creates a security context token > and sends it to the other parties on a message using the mechanisms > described in this specification and in [WS-Trust]. This model works when > the sender is trusted to always create a new security context token. For > this scenario the initiating party creates a security context token and > issues a signed unsolicited <wst:RequestSecurityTokenResponse> to the other > party > > Does Axis2/Rampart support this? If so, can somebody please point me to a > sample security policy that does this? I am trying to set up a client and a > server such that the client generates a SCT without contacting a STS and > sends it to the server in a RSTR. I have not found any examples that do > this. > > Thanks in advance for your help! > > Joe > >
