Hello, Thanks a lot for the pointer :-)
Best Regards. -----Original Message----- From: Dennis Sosnoski [mailto:[email protected]] Sent: samedi 21 décembre 2013 03:37 To: [email protected] Subject: Re: Need your help again ;-) Hi Francois, You're going to have some things signed even without <SignedParts>, in particular the Timestamp and tokens (the latter because you're using ProtectTokens), . See http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.3/errata01/os/ws-securitypolicy-1.3-errata01-os-complete.html#_Toc325573671 Regards, - Dennis Dennis M. Sosnoski Java Web Services Consulting <http://www.sosnoski.com/consult.html> CXF and Web Services Security Training <http://www.sosnoski.com/training.html> Web Services Jump-Start <http://www.sosnoski.com/jumpstart.html> On 12/21/2013 12:03 AM, COURTAULT Francois wrote: > Hello Colm, > > First, thanks for answering. > In fact we are using Weblogic predefined policy and the one we want to use > contains only the policy assertions I have listed. So what will be the > behavior with such policy ? > > So if I read between the lines you answer, if we have only this assertions > list, nothing should be done in term of encryption and signature: right ? > What about my spec questions: could you reply please ? > > Regarding what we want to do, initially we want to sign the request and > encrypt the response: what should we add ? > > Probably: > <sp:EncryptedParts> > <sp:Body/> > </sp:EncryptedParts> > And > <sp:SignedParts> > <sp:Body/> > </sp:SignedParts> > Right ? > > Best Regards. > > From: Colm O hEigeartaigh [mailto:[email protected]] > Sent: vendredi 20 décembre 2013 11:36 > To: COURTAULT Francois > Cc: [email protected] > Subject: Re: Need your help again ;-) > > > What do you actually want to sign/encrypt? Why not start from there + then > figure out an appropriate policy? Typically you will add in SignedParts or > EncryptedParts policies to cover what you want signed/encrypted. > > Colm. > > On Thu, Dec 19, 2013 at 5:36 PM, COURTAULT Francois > <[email protected]<mailto:[email protected]>> wrote: > Hello everyone, > > We are using only AsymmetricBinding assertion to a recipient with : > > * InitiatorSignatureToken (IncludeToken/AlwaysToRecipient) > > * RecipientEncryptionToken (IncludeToken/Never) > > * IncludeTimestamp > > * ProtectTokens > > * OnlySignEntireHeadersAndBody > > * Wss11 > > o sp:MustSupportRefKeyIdentifier > > o sp:MustSupportRefIssuerSerial > > o sp:MustSupportRefThumbprint > > o sp:MustSupportRefEncryptedKey > > o sp:RequireSignatureConfirmation > > Could we attached this AsymmetricBinding assertion to a WS endpoint as it is, > meaning without providing any details regarding what we want to sign and > encrypt ? > > In the spec > (http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc161826608) > it is stated that: > > - "The specified token populates the [Initiator Signature Token] > property and is used for the message signature from initiator to recipient.". > So it means that a SOAP client has to provide a message signature in the SOAP > request sent to the recipient: right ? > > - "The specified token populates the [Recipient Encryption Token] > property and is used for the message encryption from recipient to > Recipient.": is there any typo here ? from recipient to Recipient ? If this > is not a typo what does that mean ? Because otherwise I will interpret it as > initiator to Recipient: right ? In such case, the SOAP request sent to the > recipient should contain some encryption: right ? > > > Best Regards. > > ________________________________ > This message and any attachments are intended solely for the addressees and > may contain confidential information. Any unauthorized use or disclosure, > either whole or partial, is prohibited. > E-mails are susceptible to alteration. Our company shall not be liable for > the message if altered, changed or falsified. If you are not the intended > recipient of this message, please delete it and notify the sender. > Although all reasonable efforts have been made to keep this > transmission free from viruses, the sender will not be liable for > damages caused by a transmitted virus > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > > ________________________________ > This message and any attachments are intended solely for the addressees and > may contain confidential information. Any unauthorized use or disclosure, > either whole or partial, is prohibited. > E-mails are susceptible to alteration. Our company shall not be liable for > the message if altered, changed or falsified. If you are not the intended > recipient of this message, please delete it and notify the sender. > Although all reasonable efforts have been made to keep this > transmission free from viruses, the sender will not be liable for > damages caused by a transmitted virus > This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited. E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender. Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus
