Hi Dobri,

> <encryptionUser>useReqSigCert</encryptionUser>
>
> My question is: is it possible to use this with Symmetric binding?


Good question. When a symmetric binding is used, an encrypted key is
created, and that encrypted key is used to sign and encrypt the messages
back and forth. So we won't be able to get the certificate that was used
to sign the message, as the message is signed using the encrypted key,
not the initiator's signature. But it won't be a problem, as in the
Symmetric binding case we don't need the initiator's certificate to
encrypt the message, as the message is encrypted using the encrypted key.

And one more thing. If the policy specifies an endorsing supporting
token or signed endorsing supporting token, then the message signature
is signed using the endorsing supporting token. In that case, we use the
initiator's certificate (if the supporting token is an X509 cert) to sign
the message signature. However, we don't need this certificate to encrypt
the message back to the initiator, as the encrypted key is used for that
purpose.

Regards,
Nandana


>
>
> Thank you.
>
> Best regards, Dobri
>
