[
https://issues.apache.org/jira/browse/RAMPART-27?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12508217
]
Marc J commented on RAMPART-27:
-------------------------------
Extracted from WS-SecurityPolicy Examples Working Draft 14, 15 May 2007
This scenario is based on WS-I SCM Security Architecture Technical requirements
for securing the SCM Sample Application, March 2006 [WSI-SCM-SAMPLEAPPL -
GetCatalogRequest, SubmitOrderRequest].
This use case corresponds to the situation where both parties have X.509v3
certificates (and public-private key pairs). The Initiator includes a user name
token that may stand for the Requestor on-behalf-of which the Initiator is
acting. The UsernameToken is included as a SupportingToken; this is also
encrypted. The Authority for this request is generally the Subject of the
Initiator's trusted X.509 Certificate.
We model this by using the asymmetric security binding [WSSP] with a
UsernameToken SupportingToken.
Is there a way to do this?
> The user in the configuration for UsernameToken and Signature should be
> different
> ---------------------------------------------------------------------------------
>
> Key: RAMPART-27
> URL: https://issues.apache.org/jira/browse/RAMPART-27
> Project: Rampart
> Issue Type: Improvement
> Components: rampart-policy
> Reporter: Hailong Wang
>
> Current rampart has no way to specify different user for UsernameToken and
> Signature in configuration.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
