2012/2/10 Ruchith Fernando <ruchith.ferna...@gmail.com>
> Hi Filippo,
>
> Yes, this is like yet another web service now. What Rampart provides
> at this point is an API to construct the required elements, and if you
> apply a security policy to an operation, then the results of processing
> the security header will be available at the issuer implementation
> through the RahasData instance.
> However, I don't think this will interop with other implementations of
> WS-Trust, but it should work for your scenario.
In my scenario, I don't want any security header now, because I want a negotiation between two entities that are completely unknown to each other and don't trust, for example, a public certificate from any CA; I'm trying to work in a completely open scenario, where two entities make an agreement, if it's possible depending on their own policies, through a negotiation. These policies are exchanged in the initial messages of the negotiation and are expressed with WS-Policy; so I need to include, in my RequestSecurityTokenResponse (which is in the SOAP body of the messages), <wsp:Policy> elements, included in their turn in custom elements defined by an XML schema.

So I imagine that I don't need any security header; instead I need, maybe, some signature material inside my custom XML structure, within <wst:RequestSecurityTokenResponse>. If I need to extract information from a signature material element, do you think I need the Rampart API? Do you think that in my client and MyIssuer I can use the API to process a security element wherever this element is put in the SOAP message? I mean, do Rampart and Rahas (as you said, for example a RahasData instance) give us an API to process only ordinary messages, with a security header, or can I use them to process elements containing security elements (such as signature material), wherever these elements are put in the message? What do you think about it?

I know that I'm perhaps too general with these questions, but my scenario has to be as open as possible, and at this point I don't even know the exact details. In my messages I have to transport policies, expressed with WS-Policy, and security tokens representing credentials, which can be X509 tokens or other custom credentials. I'm also thinking about using SAML tokens to represent credentials (for example a document that assures that *I'm a student of "XXXX" university, since 2004*... these are the types of credentials I need); maybe you know if it's possible?
P.S.: in my previous messages I omitted a detail: both the client and the service have to communicate with a framework that guides the negotiation, processing the input message and creating the output message. The problem is that this framework uses its own message format, so I need to do a 1:1 translation between the Trust messages and the messages used by the framework. This is the reason why I need, in every message, to extract the information, in order to do this translation. Thanks a lot! Regards, Filippo A.
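The message layout Filippo describes (WS-Policy and signature material nested inside schema-defined custom elements within wst:RequestSecurityTokenResponse in the SOAP Body, with no wsse:Security header) can be walked without the Rampart/Rahas API at all, because the elements are ordinary namespaced XML wherever they sit. The following is an added example for this thread, not code from Rampart, Rahas or the framework Filippo mentions; it is in Python rather than Java for brevity. The negotiation namespace urn:example:negotiation and the neg:* elements are hypothetical, and SAMPLE_RSTR is a constructed message whose certificate, digest and signature values are placeholders.

```python
"""Locate WS-Policy, credential tokens and XML-Signature elements anywhere
under a wst:RequestSecurityTokenResponse carried in the SOAP Body, and
check that each signature's references resolve to wsu:Id values inside
that RSTR (the policy it claims to cover, the token it claims to be
signed with).

Added example, not Rampart/Rahas code. urn:example:negotiation and the
neg:* elements are hypothetical; SAMPLE_RSTR is constructed test input.
"""
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}


def q(prefix, local):
    """Clark-notation tag ({namespace}local) for ElementTree lookups."""
    return "{%s}%s" % (NS[prefix], local)


# Constructed sample: no Header, policy + credential + signature all inside
# a hypothetical neg:NegotiationStep wrapper within the RSTR.
SAMPLE_RSTR = """
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
    <wst:RequestSecurityTokenResponse
        xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
        xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
        xmlns:neg="urn:example:negotiation">
      <neg:NegotiationStep round="1">
        <wsp:Policy wsu:Id="student-policy">
          <wsp:ExactlyOne><wsp:All>
            <neg:RequireCredential type="StudentCard"/>
          </wsp:All></wsp:ExactlyOne>
        </wsp:Policy>
        <neg:Credential>
          <wsse:BinarySecurityToken wsu:Id="client-cert"
              ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
              EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
              >PLACEHOLDER_BASE64_CERT</wsse:BinarySecurityToken>
        </neg:Credential>
        <ds:Signature>
          <ds:SignedInfo>
            <ds:Reference URI="#student-policy"><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
          <ds:KeyInfo><wsse:SecurityTokenReference>
            <wsse:Reference URI="#client-cert"/>
          </wsse:SecurityTokenReference></ds:KeyInfo>
        </ds:Signature>
      </neg:NegotiationStep>
    </wst:RequestSecurityTokenResponse>
  </soapenv:Body>
</soapenv:Envelope>
"""


def extract_security_material(xml_text):
    """Return policies, tokens and signatures found under the RSTR, with each
    signature's resolved ("covers") and unresolved ("dangling") references
    and the wsu:Id of the token its KeyInfo points at ("signer")."""
    root = ET.fromstring(xml_text)
    header = root.find(q("soapenv", "Header"))
    has_security_header = (header is not None
                           and header.find(q("wsse", "Security")) is not None)
    body = root.find(q("soapenv", "Body"))
    rstr = None if body is None else body.find(q("wst", "RequestSecurityTokenResponse"))
    if rstr is None:
        raise ValueError("no wst:RequestSecurityTokenResponse in the SOAP Body")

    # wsu:Id -> element, deliberately limited to the RSTR subtree so that a
    # "#id" reference cannot be satisfied by an element outside the payload.
    by_id = {el.get(q("wsu", "Id")): el for el in rstr.iter() if el.get(q("wsu", "Id"))}

    policies = [el.get(q("wsu", "Id")) for el in rstr.iter(q("wsp", "Policy"))]
    tokens = [{"id": el.get(q("wsu", "Id")), "value_type": el.get("ValueType")}
              for el in rstr.iter(q("wsse", "BinarySecurityToken"))]

    signatures = []
    for sig in rstr.iter(q("ds", "Signature")):          # found at any depth
        covers, dangling = [], []
        for ref in sig.iter(q("ds", "Reference")):
            uri = ref.get("URI", "")
            if uri.startswith("#") and uri[1:] in by_id:
                covers.append(uri[1:])
            else:
                dangling.append(uri)
        signer = None
        key_info = sig.find(q("ds", "KeyInfo"))
        str_el = None if key_info is None else key_info.find(q("wsse", "SecurityTokenReference"))
        str_ref = None if str_el is None else str_el.find(q("wsse", "Reference"))
        if str_ref is not None:
            uri = str_ref.get("URI", "")
            if uri.startswith("#") and uri[1:] in by_id:
                signer = uri[1:]
        signatures.append({"covers": covers, "dangling": dangling, "signer": signer})

    return {"has_security_header": has_security_header, "policies": policies,
            "tokens": tokens, "signatures": signatures}


if __name__ == "__main__":
    print(extract_security_material(SAMPLE_RSTR))
```

Locating the elements is the part that needs no security stack; it is not verification. Checking the ds:SignatureValue requires canonicalizing SignedInfo and the referenced elements and a key taken from the BinarySecurityToken, which a library such as xmlsec or, in Java, Apache Santuario/WSS4J (which Rampart builds on) does. In a CA-less negotiation a valid signature only proves that the sender holds the key in the token it shipped; whether that key, or a SAML assertion about it, is trusted is exactly the decision the negotiation framework has to make from the exchanged policies. Resolving references only inside the RSTR subtree, as above, is what keeps an attacker from pointing a signature at a harmless copy of the policy placed elsewhere in the envelope.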