Posted to users@cxf.apache.org by Jason Pell <ja...@pellcorp.com> on 2012/03/05 02:11:05 UTC
Query regarding ws-trust IssuedToken declared directly in TransportBinding -> TransportToken -> Policy
Hi again,
Another question regarding one of the examples provided for STS in the
services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt.wsdl
This WSDL has an IssuedToken declared inside a TransportToken. My
reading of the WS-Security Policy spec indicates that this token is
for security that is not provided by WS-Security. Is there a reason
why this was not declared as a SupportingToken instead?
Is this actually a valid declaration and I am missing something
fundamental about ws-securitypolicy?
Thanks in advance for any guidance
Regards
Jason
Re: Query regarding ws-trust IssuedToken declared directly in TransportBinding -> TransportToken -> Policy
Posted by Colm O hEigeartaigh <co...@apache.org>.
I'm not entirely sure off hand about the origin of that particular
policy. It essentially states that the public key embedded in the
IssuedToken matches the client's TLS X509 certificate. It's definitely
not best practice in terms of using TLS with WS-Trust; you should use
a SupportingToken instead - one of the later policies in that WSDL
uses an EndorsingSupportingToken.
Colm.
On Mon, Mar 5, 2012 at 1:11 AM, Jason Pell <ja...@pellcorp.com> wrote:
> Hi again,
>
> Another question regarding one of the examples provided for STS in the
> services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt.wsdl
>
> This WSDL has an IssuedToken declared inside a TransportToken. My
> reading of the WS-Security Policy spec indicates that this token is
> for security that is not provided by WS-Security. Is there a reason
> why this was not declared as a SupportingToken instead?
>
> Is this actually a valid declaration and I am missing something
> fundamental about ws-securitypolicy?
>
> Thanks in advance for any guidance
>
> Regards
> Jason
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
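
The placement discussed in this thread can be checked mechanically. The following is an added example, not part of the original messages and not CXF code: it reports which WS-SecurityPolicy assertion holds each sp:IssuedToken and whether that holder is a supporting-token assertion. The function name, the WS-SecurityPolicy 1.2 namespace and both policy documents are assumptions; the policies are constructed and trimmed (a real IssuedToken carries a RequestSecurityTokenTemplate and the binding carries an AlgorithmSuite and Layout).

```python
import xml.etree.ElementTree as ET

# Assumed namespaces: WS-SecurityPolicy 1.2 and WS-Policy 1.5
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSP = "http://www.w3.org/ns/ws-policy"
NS = f'xmlns:wsp="{WSP}" xmlns:sp="{SP}"'

# Supporting-token assertions defined by WS-SecurityPolicy 1.2
SUPPORTING = {
    "SupportingTokens", "SignedSupportingTokens",
    "EndorsingSupportingTokens", "SignedEndorsingSupportingTokens",
    "EncryptedSupportingTokens", "SignedEncryptedSupportingTokens",
    "EndorsingEncryptedSupportingTokens",
    "SignedEndorsingEncryptedSupportingTokens",
}

# Constructed policy: IssuedToken nested directly in TransportToken
IN_TRANSPORT = f"""<wsp:Policy {NS}>
 <sp:TransportBinding><wsp:Policy>
  <sp:TransportToken><wsp:Policy><sp:IssuedToken/></wsp:Policy></sp:TransportToken>
 </wsp:Policy></sp:TransportBinding>
</wsp:Policy>"""

# Constructed policy: HttpsToken secures the transport, IssuedToken endorses
AS_SUPPORTING = f"""<wsp:Policy {NS}>
 <sp:TransportBinding><wsp:Policy>
  <sp:TransportToken><wsp:Policy><sp:HttpsToken/></wsp:Policy></sp:TransportToken>
 </wsp:Policy></sp:TransportBinding>
 <sp:EndorsingSupportingTokens><wsp:Policy><sp:IssuedToken/></wsp:Policy></sp:EndorsingSupportingTokens>
</wsp:Policy>"""

def issued_token_findings(xml_text):
    """Return (holder, is_supporting) for every sp:IssuedToken in the policy."""
    findings = []
    def walk(node, ancestors):
        if node.tag == f"{{{SP}}}IssuedToken":
            # Holder = nearest enclosing sp: assertion, skipping wsp: operators
            holder = next((a.tag.rsplit("}", 1)[-1] for a in reversed(ancestors)
                           if a.tag.startswith(f"{{{SP}}}")), None)
            findings.append((holder, holder in SUPPORTING))
            return
        for child in node:
            walk(child, ancestors + [node])
    walk(ET.fromstring(xml_text), [])
    return findings

if __name__ == "__main__":
    for name, doc in (("in-transport", IN_TRANSPORT), ("supporting", AS_SUPPORTING)):
        print(name, issued_token_findings(doc))
```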