Indeed, these rules (http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc161826572)
are defined but not well explained in the OASIS guides. However, they
are normally taken care of for you by the web service framework (CXF or
Metro) that you use, so ideally you shouldn't have to worry about them.
They in general refer to how keys are referenced (referred to) within
the SOAP envelope and/or the extensions that keys used must support (for
example, the SubjectKeyIdentifier extension listed in the key details at
the top here:
http://www.jroller.com/gmazza/entry/creating_certificates_with_openssl).
Hopefully, someone can get you more detailed information, but worst
case, you can always grep the CXF and/or WSS4J source code to see how
each requirement is enforced/implemented.
Glen
On 01/27/2013 10:43 AM, cb9 wrote:
Hi,
I am trying to understand ws-security. When reading a few ws-policy in wsdl
files, I frequently came across MustSupportRefKeyIdentifier,
MustSupportRefIssuerSerial,
RequireIssuerSerialReference
What does it mean? I tried to read some documents at oasis org but I am still
not able to understand it properly.
Thanks
Charles.
--
View this message in context:
http://cxf.547215.n5.nabble.com/ws-security-what-does-MustSupportRefKeyIdentifier-MustSupportRefIssuerSerial-RequireIssuerSerialRefen-tp5722304.html
Sent from the cxf-user mailing list archive at Nabble.com.
--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza
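
The reply above says these assertions concern how keys are referenced inside the SOAP envelope. As an added illustration (not part of the thread, and not CXF or WSS4J code), this Python sketch classifies each `wsse:SecurityTokenReference` in a constructed header fragment as a key-identifier or issuer-serial reference and flags those that do not match a required style. The function names, the sample XML and the `violations` check are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"wsse": WSSE, "ds": DS}
SKI = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier")

# Constructed sample: a trimmed security header with two reference styles.
SAMPLE = f"""<wsse:Security xmlns:wsse="{WSSE}" xmlns:ds="{DS}">
  <wsse:SecurityTokenReference>
    <wsse:KeyIdentifier ValueType="{SKI}">Y29uc3RydWN0ZWQ=</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference>
  <wsse:SecurityTokenReference>
    <ds:X509Data><ds:X509IssuerSerial>
      <ds:X509IssuerName>CN=Example CA</ds:X509IssuerName>
      <ds:X509SerialNumber>4660</ds:X509SerialNumber>
    </ds:X509IssuerSerial></ds:X509Data>
  </wsse:SecurityTokenReference>
</wsse:Security>"""

def classify_reference(str_elem):
    """Return (style, detail) for one wsse:SecurityTokenReference element."""
    ki = str_elem.find("wsse:KeyIdentifier", NS)
    if ki is not None:  # the style MustSupportRefKeyIdentifier is about
        return ("KeyIdentifier", "ski" if ki.get("ValueType") == SKI else "other")
    iss = str_elem.find("ds:X509Data/ds:X509IssuerSerial", NS)
    if iss is not None:  # the style the *IssuerSerial* assertions are about
        name = iss.findtext("ds:X509IssuerName", default="", namespaces=NS).strip()
        serial = iss.findtext("ds:X509SerialNumber", default="", namespaces=NS).strip()
        return ("IssuerSerial", f"{name}#{serial}")
    ref = str_elem.find("wsse:Reference", NS)
    if ref is not None:  # direct reference to a token carried in the message
        return ("Direct", ref.get("URI", ""))
    return ("Unknown", "")

def reference_styles(xml_text):
    # Fine for this constructed input; use a hardened parser (e.g. defusedxml)
    # before parsing SOAP received from an untrusted peer.
    root = ET.fromstring(xml_text)
    return [classify_reference(e) for e in root.iter(f"{{{WSSE}}}SecurityTokenReference")]

def violations(xml_text, required_style):
    """References whose style differs from the one a policy requires."""
    return [r for r in reference_styles(xml_text) if r[0] != required_style]
```
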