It depends on whether you require client authentication or not. If you don't then you don't need to sign any message part when using TLS.
Colm. On Tue, Feb 7, 2012 at 12:53 AM, sram <[email protected]> wrote: > thanks. With TLS and supporting binary X509 token in SOAP, is there any > benefit signing parts of message or timestamp, when the communication model > is only between two nodes? > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/SecurityPolicy-Option-tp5456290p5461795.html > Sent from the cxf-user mailing list archive at Nabble.com. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
