Hi Karl
On Fri, Feb 25, 2011 at 11:56 AM, Rhenius, Karl Stefan <[email protected]> wrote:
>
>> In fact, I'm wondering, if your policy is totally correct.
>> Given that you expect the secure conversation flow all the
>> time, should it look like this instead:
>>
>> <Policy>
>> <ExactlyOnce>
>> <SecureConversation/>
>> </ExactlyOnce>
>> <ExactlyOnce>
>> <SecureConversation/>
>> <UT/>
>> </ExactlyOnce>
>> </Policy>
>>
>> What do you think ? Wondering if it will work...
>
> Hi Sergey,
>
> no, the webservice should be accessed either with SecureConversation
> messages or plain text with a UsernameToken, so I think
>
> <wsp:Policy>
> <wsp:ExactlyOne>
> <SecureConversation>
> <UsernameToken>
> </wsp:ExactlyOne>
> </wsp:Policy>
>
To me this policy reads:
Ensure the message satisfies both SecureConversation and UsernameToken
policies at the same time, because
<wsp:ExactlyOne>
<SecureConversation>
<UsernameToken>
</wsp:ExactlyOne>
is equivalent to
<wsp:ExactlyOne>
<wsp:All>
<SecureConversation>
<UsernameToken>
</wsp:All>
</wsp:ExactlyOne>
> is right. If I understand your policy correctly, it would describe
> SecureConversation + an optional UsernameToken?
Indeed. Sorry if I don't understand, but the way you described the
flow sounded like the one which would be validated by this policy,
that is, the first message is starting SecConversation flow, no UT,
and the subsequent messages will be validated by the 2nd alternative
where both SecConversation and UT assertions are available....
Your original policy:
<wsp:ExactlyOne>
<wsp:All>
<SecureConversation>
</wsp:All>
<wsp:All>
<UsernameToken>
</wsp:All>
</wsp:ExactlyOne>
is actually equivalent to two alternatives (because of embedded
wsp:Alls) : either SecureConversation only or UT only, it does not
express the requirement that UT messages should be part of the
SecConversation flow.
Again, I may be misunderstanding...
cheers, Sergey
>
> cheers
> Karl
>
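
Added example, not part of the original thread or of any project's code: it lists the alternatives of a normal-form policy (wsp:Policy > wsp:ExactlyOne > wsp:All) and shows which of them a message admits, for the two-alternative policies discussed above. Assumptions: the WS-Policy 1.5 namespace, the shorthand assertion names used in the mails, and that an alternative is satisfied when all of its assertions are present in the message.

```python
import xml.etree.ElementTree as ET

WSP = "http://www.w3.org/ns/ws-policy"  # WS-Policy 1.5 namespace (assumed)

def alternatives(policy_xml):
    """Return each wsp:All alternative of a normal-form policy as a frozenset."""
    root = ET.fromstring(policy_xml)
    exactly_one = root.find(f"{{{WSP}}}ExactlyOne")
    if root.tag != f"{{{WSP}}}Policy" or exactly_one is None:
        raise ValueError("expected wsp:Policy with a wsp:ExactlyOne child")
    result = []
    for child in exactly_one:
        if child.tag != f"{{{WSP}}}All":
            raise ValueError("only normal form (ExactlyOne of All) is supported")
        result.append(frozenset(assertion.tag for assertion in child))
    return result

def admitted(policy_xml, asserted):
    """Alternatives whose assertions are all present in the message."""
    present = set(asserted)
    return [alt for alt in alternatives(policy_xml) if alt <= present]

def wrap(*alts):
    """Build a normal-form policy from lists of shorthand assertion names."""
    body = "".join(
        "<wsp:All>" + "".join(f"<{name}/>" for name in alt) + "</wsp:All>"
        for alt in alts
    )
    return (f'<wsp:Policy xmlns:wsp="{WSP}"><wsp:ExactlyOne>'
            f"{body}</wsp:ExactlyOne></wsp:Policy>")

SC, UT = "SecureConversation", "UsernameToken"  # shorthand from the thread

# "Your original policy": either SecureConversation only or UT only.
ORIGINAL = wrap([SC], [UT])
# The flow Sergey describes: SC alone first, then SC together with UT.
SC_THEN_UT = wrap([SC], [SC, UT])

if __name__ == "__main__":
    for name, policy in (("original", ORIGINAL), ("sc-then-ut", SC_THEN_UT)):
        for message in ([SC], [UT], [SC, UT]):
            hits = [sorted(alt) for alt in admitted(policy, message)]
            print(f"{name:11} message={message} admitted by {hits}")
```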