Can someone explain the purpose of wss10/wss11 assertions in a security
policy?

I thought their purpose was to express some kind of requirement. But my
tests failed to confirm that. I am using a symmetric binding (with derived
keys) and the only wss11 assertion I have found to be absolutely critical
is sp:MustSupportRefEncryptedKey. Without this assertion, my web service
requests will fail.

On the other hand, my client is free to send requests with
sp:RequireIssuerSerialReference even if my server policy specifies
sp:Wss11/wsp:Policy/sp:MustSupportRefThumbprint.

Thank you,

-- 
Philippe
