Hi everybody, currently I am researching how Rampart is validating and verifying the secured artifacts. Let me give you a sample scenario. Let's say we have a WS which policy defines that a specific <sp:EncryptedElements/> should be encrypted (corresponding to a given XPath expression). I am interested in understanding the mechanism that is used to verify that the incoming message has encrypted exactly that <sp:EncryptedElements/> with the given specific XPath expression, but not something else. I suppose rampart is not just counting scheme to ensure that the right number of encrypted/signed parts/elements is reached? I have not finished my research, but I will appreciate any good thoughts and references related to this topic.
Regards, Dobri
