Hi Dobri, do you know if current implementation of Rampart supports this behavior? >
Yes, Rampart current implementation works as above. Regards, Nandana > > Best regards, Dobri > > On Nov 16, 2007 10:05 PM, Nandana Mihindukulasooriya < > [EMAIL PROTECTED]> > wrote: > > > Hi Dobri, > > > > my question is why in case of Symmetric binding there is need of the > > > following parameter: > > > > > > <ramp:encryptionUser>client</ramp:encryptionUser> > > > > > > I think when using the Symmetric binding, in the client side > configuration > > we > > actually need to have only the <ramp:encryptionUser/> property. This > alias > > is > > used to find the certificate to encrypt symmetric key in the encrypted > > key. > > And in the server side we only need to have the <ramp:user/> or > > <ramp:userCertAlias/> property and this alias is used to find the cert > to > > decrypt > > the encrypted key. > > But this is true only if we don't have any supporting tokens. If we have > > supporting > > tokens we always have to have <ramp:user/> property in the client side > > configuration. > > > > Regards, > > Nandana > > > > > > > > > > > Regards, Dobri > > > > > > On Nov 16, 2007 10:27 AM, Dobri Kitipov < > [EMAIL PROTECTED]> > > > wrote: > > > > > > > Hi everybody, > > > > there is a nice article called "Secure Message Exchanges with > Multiple > > > > Users" at http://wso2.org/library/255. > > > > In this article we can read: > > > > > > > > " > > > > <encryptionUser>useReqSigCert</encryptionUser> > > > > > > > > This instructs Rampart/WSS4J to use the certificate that was used to > > > sign > > > > the request. One can specify the encrypted parts to encrypt > different > > > parts > > > > of the message to be encrypted. > > > > " > > > > > > > > My question is is it possible to use this with Symmetric binding? I > > > could > > > > be wrong but my understanding is that if this is supposed to work it > > > will > > > > mean that we want the derived key to be based on the lient's > > > (initiator's) > > > > security token (not the recipient's one), defined in the either > > > encryption > > > > token assertion or protection token assertion. > > > > I know this make much more sense with the Asymmetric binding, but I > am > > > > curious about that. > > > > > > > > Thank you. > > > > > > > > Best regards, Dobri > > > > > > > > > > > > > >
