> Hi,
>
> Using a policy configuration is it possible to construct a policy that
> signs and encrypts a message from requestor to service, and the
> response to be encrypted using the same key - by sending the
> certificate along with the request message?

In encryption, first an encrypted key is created by encrypting a symmetric key with the recipient's public key. Then that symmetric key is used to encrypt the message. The encrypted key is sent along with the message so that the recipient can decrypt the encrypted key and extract the symmetric key. Then that symmetric key can be used to decrypt the actual SOAP parts that were encrypted. In the current implementation, even if you use an asymmetric binding, the same encrypted key is used to encrypt the request and the response. So anyway, the same encrypted key is used to encrypt the request and the response.

> I'm looking at AsymmetricBinding and finding the Initiator / Recipient
> Token concept somewhat confusing. By defining a RecipientToken the
> message will be encrypted from initiator to recipient (what I require)
> and the response signed from recipient to initiator (I don't require)

AFAIK, defining the Initiator token and Recipient token has nothing to do with what parts are signed and encrypted. That only defines what tokens are to be used for signing and encryption. Whether the message needs to be signed or encrypted, and what parts should be signed or encrypted, has to be defined separately in the policy. Can you post the policy you are using?

> Is it not possible to specify only one of these actions?

Yes, it is possible.

> Just as a quick aside - when including a UsernameToken using a policy
> configuration, is it possible to specify a username dynamically, like
> it is using basic configuration?

Yes, you can provide the username using a RampartConfig assertion in the policy or by programmatically setting the username of the RampartConfig.

> As another aside - are there any editors available for constructing
> policy documents?

I am working on one for Rampart. Hopefully I will be able to finish it soon. :)

Regards,
Nandana
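The request/response exchange the first answer describes (a fresh symmetric key wrapped with the recipient's public key, the encrypted key carried in the request next to the encrypted Body, and the same symmetric key reused for the response), written out as an added example. This is not Rampart's code and not from the thread: it is plain Go on the standard library, the EncryptedKey/EncryptedData structs, the Initiator/Recipient types and the "EncKeyId-N" Id format are assumptions, and AES-GCM stands in for the block cipher of the WS-Security algorithm suites. The point it adds to the prose is the check on the initiator side: a response may only reference an EncryptedKey that this initiator generated and still holds, and the reply carries no new EncryptedKey at all, which is why the recipient never needs the requestor's certificate to encrypt the response.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EncryptedKey models xenc:EncryptedKey: the AES key wrapped with the recipient's
// RSA public key, plus the wsu:Id that encrypted parts reference.
type EncryptedKey struct {
	ID         string
	WrappedKey []byte
}

// EncryptedData models xenc:EncryptedData over one SOAP part; KeyRef is the Id
// of the EncryptedKey whose symmetric key protects it.
type EncryptedData struct {
	KeyRef     string
	Nonce      []byte
	Ciphertext []byte
}

// Both sides index the symmetric keys they know by EncryptedKey Id (hypothetical types).
type Initiator struct{ n int; keys map[string][]byte }
type Recipient struct{ priv *rsa.PrivateKey; keys map[string][]byte }

// random returns n CSPRNG bytes; an RNG failure is treated as fatal here.
func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// gcm builds the part cipher. AES-GCM is an assumption made to keep the example
// short; the WS-Security 1.0 suites Rampart implements use AES/3DES in CBC mode.
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptPart encrypts one SOAP part; KeyRef is bound as associated data so a
// part cannot be re-pointed at a different EncryptedKey.
func encryptPart(key []byte, keyRef string, plaintext []byte) (EncryptedData, error) {
	aead, err := gcm(key)
	if err != nil {
		return EncryptedData{}, err
	}
	nonce := random(aead.NonceSize())
	return EncryptedData{keyRef, nonce, aead.Seal(nil, nonce, plaintext, []byte(keyRef))}, nil
}

func decryptPart(key []byte, ed EncryptedData) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, ed.Nonce, ed.Ciphertext, []byte(ed.KeyRef))
}

// EncryptRequest: fresh AES-128 key, wrapped with RSA-OAEP for the recipient and
// used to encrypt the Body. Both elements travel in the request.
func (i *Initiator) EncryptRequest(pub *rsa.PublicKey, body []byte) (EncryptedKey, EncryptedData, error) {
	key := random(16)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return EncryptedKey{}, EncryptedData{}, err
	}
	i.n++
	id := fmt.Sprintf("EncKeyId-%d", i.n)
	i.keys[id] = key
	ed, err := encryptPart(key, id, body)
	return EncryptedKey{ID: id, WrappedKey: wrapped}, ed, err
}

// DecryptRequest unwraps the symmetric key with the private key, keeps it under
// its Id for the response, and decrypts the Body.
func (r *Recipient) DecryptRequest(ek EncryptedKey, ed EncryptedData) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, r.priv, ek.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	r.keys[ek.ID] = key
	return decryptPart(key, ed)
}

// EncryptResponse reuses the request's symmetric key and only references its
// EncryptedKey Id: no new EncryptedKey goes back to the initiator.
func (r *Recipient) EncryptResponse(keyID string, body []byte) (EncryptedData, error) {
	key, ok := r.keys[keyID]
	if !ok {
		return EncryptedData{}, errors.New("no unwrapped key for " + keyID)
	}
	return encryptPart(key, keyID, body)
}

// DecryptResponse accepts only a reference to a key this initiator generated.
func (i *Initiator) DecryptResponse(ed EncryptedData) ([]byte, error) {
	key, ok := i.keys[ed.KeyRef]
	if !ok {
		return nil, errors.New("response references an EncryptedKey we never sent")
	}
	return decryptPart(key, ed)
}

// RoundTrip runs one request/response exchange and returns what each side read.
func RoundTrip(request, response string) (string, string, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", "", err
	}
	init := &Initiator{keys: map[string][]byte{}}
	recp := &Recipient{priv: priv, keys: map[string][]byte{}}
	ek, reqData, err := init.EncryptRequest(&priv.PublicKey, []byte(request))
	if err != nil {
		return "", "", err
	}
	gotReq, err := recp.DecryptRequest(ek, reqData)
	if err != nil {
		return "", "", err
	}
	respData, err := recp.EncryptResponse(ek.ID, []byte(response))
	if err != nil {
		return "", "", err
	}
	gotResp, err := init.DecryptResponse(respData)
	return string(gotReq), string(gotResp), err
}
```

Run it with `RoundTrip("<soapenv:Body>ping</soapenv:Body>", "<soapenv:Body>pong</soapenv:Body>")`. The design consequence of the reuse the reply describes is visible in EncryptResponse: the confidentiality of the response rests entirely on the key the requestor chose and on the requestor's private key having protected nothing, since only the recipient's private key ever unwraps it. A compromised EncryptedKey therefore exposes both directions of that exchange.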
