Hello Colm,
First, thanks for answering.
In fact we are using Weblogic predefined policy and the one we want to use
contains only the policy assertions I have listed. So what will be the
behavior with such policy ?
So if I read between the lines you answer, if we have only this assertions
list, nothing should be done in term of encryption and signature: right ?
What about my spec questions: could you reply please ?
Regarding what we want to do, initially we want to sign the request and encrypt
the response: what should we add ?
Probably:
<sp:EncryptedParts>
<sp:Body/>
</sp:EncryptedParts>
And
<sp:SignedParts>
<sp:Body/>
</sp:SignedParts>
Right ?
Best Regards.
From: Colm O hEigeartaigh [mailto:[email protected]]
Sent: vendredi 20 décembre 2013 11:36
To: COURTAULT Francois
Cc: [email protected]
Subject: Re: Need your help again ;-)
What do you actually want to sign/encrypt? Why not start from there + then
figure out an appropriate policy? Typically you will add in SignedParts or
EncryptedParts policies to cover what you want signed/encrypted.
Colm.
On Thu, Dec 19, 2013 at 5:36 PM, COURTAULT Francois
<[email protected]<mailto:[email protected]>> wrote:
Hello everyone,
We are using only AsymmetricBinding assertion to a recipient with :
* InitiatorSignatureToken (IncludeToken/AlwaysToRecipient)
* RecipientEncryptionToken (IncludeToken/Never)
* IncludeTimestamp
* ProtectTokens
* OnlySignEntireHeadersAndBody
* Wss11
o sp:MustSupportRefKeyIdentifier
o sp:MustSupportRefIssuerSerial
o sp:MustSupportRefThumbprint
o sp:MustSupportRefEncryptedKey
o sp:RequireSignatureConfirmation
Could we attached this AsymmetricBinding assertion to a WS endpoint as it is,
meaning without providing any details regarding what we want to sign and
encrypt ?
In the spec
(http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc161826608)
it is stated that:
- "The specified token populates the [Initiator Signature Token]
property and is used for the message signature from initiator to recipient.".
So it means that a SOAP client has to provide a message signature in the SOAP
request sent to the recipient: right ?
- "The specified token populates the [Recipient Encryption Token]
property and is used for the message encryption from recipient to Recipient.":
is there any typo here ? from recipient to Recipient ? If this is not a typo
what does that mean ? Because otherwise I will interpret it as initiator to
Recipient: right ? In such case, the SOAP request sent to the recipient should
contain some encryption: right ?
Best Regards.
________________________________
This message and any attachments are intended solely for the addressees and may
contain confidential information. Any unauthorized use or disclosure, either
whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the
message if altered, changed or falsified. If you are not the intended recipient
of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free
from viruses, the sender will not be liable for damages caused by a transmitted
virus
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
________________________________
This message and any attachments are intended solely for the addressees and may
contain confidential information. Any unauthorized use or disclosure, either
whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the
message if altered, changed or falsified. If you are not the intended recipient
of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free
from viruses, the sender will not be liable for damages caused by a transmitted
virus
