Cool. Thanks Colm.
Sam
On 16/08/2013 8:39 p.m., Colm O hEigeartaigh wrote:
Hi Sam,

> If not specified, the default order is to sign and encrypt.
> And I rarely see any use of this tag so I assume the default order is
> always right?

If "sp:EncryptBeforeSigning" is not specified, then the default is always
to sign before encrypting.

> Am I right to say the order of <sp:EncryptedParts> and <sp:SignedParts>
> elements do not specify the order of encryption and signing in
> both request and response?

Correct.

Colm.
On Fri, Aug 16, 2013 at 9:18 AM, Sam <[email protected]> wrote:
Hi all,
Could someone confirm my understanding for the order of encryption &
signing using WS-SecurityPolicy in WSDL?
I saw in http://fusesource.com/docs/esb/4.4/cxf_security/MsgProtect-SOAP-SymmetricPolicy.html
that says the order is specified in sp:EncryptBeforeSigning. If not specified,
the default order is to sign and encrypt.
And I rarely see any use of this tag so I assume the default order is
always right?
What I do see in almost all WS-Policy files that come with WSDL is
something like
...
  <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
    <wsp:ExactlyOne>
      <wsp:All>
        *<sp:EncryptedParts>*
          <sp:Body />
        </sp:EncryptedParts>
        *<sp:SignedParts>*
          <sp:Body />
          <sp:Header Namespace="..." />
        </sp:SignedParts>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
  <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Output_Policy">
    <wsp:ExactlyOne>
      <wsp:All>
        *<sp:EncryptedParts>*
          <sp:Body />
        </sp:EncryptedParts>
        *<sp:SignedParts>*
          <sp:Body />
          <sp:Header Namespace="..." />
        </sp:SignedParts>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
</wsdl:definitions>
Am I right to say the order of <sp:EncryptedParts> and <sp:SignedParts>
elements do not specify the order of encryption and signing in both request
and response?
Thanks in advance,
Sam
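
The point confirmed in this thread, as an added example that is not part of the original messages or of CXF: a policy check that reads the protection order from the binding assertion and shows that swapping sp:EncryptedParts and sp:SignedParts changes nothing. The namespaces (WS-SecurityPolicy 1.2, WS-Policy 1.5), the function names and the sample policy are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

# Assumed namespaces (WS-SecurityPolicy 1.2, WS-Policy 1.5); the post elides its own.
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSP = "http://www.w3.org/ns/ws-policy"
BINDINGS = ("SymmetricBinding", "AsymmetricBinding")


def protection_order(policy_xml):
    """Return the protection order declared by each security binding found."""
    root = ET.fromstring(policy_xml)
    orders = {}
    for name in BINDINGS:
        for binding in root.iter(f"{{{SP}}}{name}"):
            # The order is a property of the binding: the assertion present means
            # encrypt first, absent means the default (sign before encrypting).
            flag = binding.find(f"{{{WSP}}}Policy/{{{SP}}}EncryptBeforeSigning")
            orders[name] = "EncryptBeforeSigning" if flag is not None else "SignBeforeEncrypting"
    return orders


def parts_sequence(policy_xml):
    """Document order of the parts assertions, which carries no ordering meaning."""
    wanted = {f"{{{SP}}}EncryptedParts", f"{{{SP}}}SignedParts"}
    return [el.tag.split("}")[1] for el in ET.fromstring(policy_xml).iter() if el.tag in wanted]


def sample_policy(encrypt_first, parts):
    """Constructed sample; binding and parts share one policy for brevity."""
    prop = "<sp:EncryptBeforeSigning/>" if encrypt_first else ""
    body = "".join(f"<sp:{p}><sp:Body/></sp:{p}>" for p in parts)
    return (
        f'<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}"><wsp:ExactlyOne><wsp:All>'
        f"<sp:SymmetricBinding><wsp:Policy>{prop}<sp:OnlySignEntireHeadersAndBody/>"
        f"</wsp:Policy></sp:SymmetricBinding>{body}"
        "</wsp:All></wsp:ExactlyOne></wsp:Policy>"
    )


if __name__ == "__main__":
    for encrypt_first in (False, True):
        for parts in (["EncryptedParts", "SignedParts"], ["SignedParts", "EncryptedParts"]):
            doc = sample_policy(encrypt_first, parts)
            print(parts_sequence(doc), "->", protection_order(doc))
```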