What do you actually want to sign/encrypt? Why not start from there + then figure out an appropriate policy? Typically you will add in SignedParts or EncryptedParts policies to cover what you want signed/encrypted.
Colm.

On Thu, Dec 19, 2013 at 5:36 PM, COURTAULT Francois <[email protected]> wrote:
> Hello everyone,
>
> We are using only AsymmetricBinding assertion to a recipient with :
>
> · InitiatorSignatureToken (IncludeToken/AlwaysToRecipient)
> · RecipientEncryptionToken (IncludeToken/Never)
> · IncludeTimestamp
> · ProtectTokens
> · OnlySignEntireHeadersAndBody
> · Wss11
>   o sp:MustSupportRefKeyIdentifier
>   o sp:MustSupportRefIssuerSerial
>   o sp:MustSupportRefThumbprint
>   o sp:MustSupportRefEncryptedKey
>   o sp:RequireSignatureConfirmation
>
> Could we attach this AsymmetricBinding assertion to a WS endpoint as it is, meaning without providing any details regarding what we want to sign and encrypt ?
>
> In the spec (http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc161826608) it is stated that:
>
> - "The specified token populates the [Initiator Signature Token] property and is used for the message signature from initiator to recipient.". So it means that a SOAP client has to provide a message signature in the SOAP request sent to the recipient: right ?
>
> - "The specified token populates the [Recipient Encryption Token] property and is used for the message encryption from recipient to Recipient.": is there any typo here ? from recipient to Recipient ? If this is not a typo what does that mean ? Because otherwise I will interpret it as initiator to Recipient: right ? In such case, the SOAP request sent to the recipient should contain some encryption: right ?
>
> Best Regards.
>
> ------------------------------
> This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus

--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
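A concrete policy of the kind Colm suggests, added here as an illustration and not taken from the thread or from any project's code: the questioner's AsymmetricBinding and Wss11 assertions reproduced as listed, with SignedParts and EncryptedParts appended so the binding actually has something to protect. The AlgorithmSuite (Basic256Sha256), the X509 token type, and the WS-Addressing header in SignedParts are assumptions not present in the original message.

```xml
<wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy"
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding>
        <wsp:Policy>
          <!-- Client signs with its own X.509 cert and sends the cert with the request -->
          <sp:InitiatorSignatureToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                <wsp:Policy><sp:WssX509V3Token11/></wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorSignatureToken>
          <!-- Client encrypts to the service's cert, which is never sent in the message -->
          <sp:RecipientEncryptionToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                <wsp:Policy><sp:WssX509V3Token11/></wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientEncryptionToken>
          <sp:AlgorithmSuite>  <!-- assumption: not given in the question -->
            <wsp:Policy><sp:Basic256Sha256/></wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:IncludeTimestamp/>
          <sp:ProtectTokens/>
          <sp:OnlySignEntireHeadersAndBody/>
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:Wss11>
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier/>
          <sp:MustSupportRefIssuerSerial/>
          <sp:MustSupportRefThumbprint/>
          <sp:MustSupportRefEncryptedKey/>
          <sp:RequireSignatureConfirmation/>
        </wsp:Policy>
      </sp:Wss11>
      <!-- The binding above only says HOW to protect; these say WHAT to protect.
           Without them no part of the message is required to be signed or encrypted. -->
      <sp:SignedParts>
        <sp:Body/>
        <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>  <!-- assumption -->
      </sp:SignedParts>
      <sp:EncryptedParts>
        <sp:Body/>
      </sp:EncryptedParts>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
```

Attach the policy to the endpoint and the client must then sign the Body and WS-Addressing headers and encrypt the Body on every request, which answers the original "as it is, without any details" question in the negative.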
