Hi, I am looking for best way to add WS Security to WSDL. As already asked in (http://mail-archives.apache.org/mod_mbox/ws-wss4j-dev/200610.mbox/raw/[EMAIL PROTECTED]/2)
WS Policy is recommended. I have some questions for some clearification: - WSS4J implements a policy processor. Can it be used to enforce ws security encryption of incoming/outgoing requests during runtime? - How can an endpoint enforce elements to be encrypted? I have changed encrypted elements which client sends, but server does not complain. - The logical connection between WS Security and WS Policy is: ws policy is able to define which message elements have to be secured by applying ws security elements. Therefore I would define in ws policy that a special element (e.g. user credential element) has to be encrypted using ws security standard. Correct? The WSDL would not be changed with regard to WS Security layer? - Just using wss4j: If I would send wsdl and policy file to client, does he have to configure wss4j manually to adapt to policy or is there an automated way? - in one post there was a question concerning param "encryptionParts". someone answered, that a more flexible approach (xpath) would be available with policy. Can it be used already? Thanks for answers! Greetings, Christoph -- Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
