Posted to users@cxf.apache.org by Jason Pell <ja...@pellcorp.com> on 2012/03/05 02:11:05 UTC

Query regarding ws-trust IssuedToken declared directly in TransportBinding -> TransportToken -> Policy

Hi again,

Another question regarding one of the examples provided for STS in the
services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt.wsdl

This WSDL has an IssuedToken declared inside a TransportToken.  My
reading of the WS-Security Policy spec indicates that this token is
for security that is not provided by WS-Security.  Is there a reason
why this was not declared as a SupportingToken instead?

Is this actually a valid declaration and I am missing something
fundamental about WS-SecurityPolicy?

Thanks in advance for any guidance

Regards
Jason

Re: Query regarding ws-trust IssuedToken declared directly in TransportBinding -> TransportToken -> Policy

Posted by Colm O hEigeartaigh <co...@apache.org>.
I'm not entirely sure off hand about the origin of that particular
policy. It essentially states that the public key embedded in the
IssuedToken matches the client's TLS X509 certificate. It's definitely
not best practice in terms of using TLS with WS-Trust, you should use
a SupportingToken instead - one of the later policies in that WSDL
uses an EndorsingSupportingToken.

Colm.

On Mon, Mar 5, 2012 at 1:11 AM, Jason Pell <ja...@pellcorp.com> wrote:
> Hi again,
>
> Another question regarding one of the examples provided for STS in the
> services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt.wsdl
>
> This WSDL has an IssuedToken declared inside a TransportToken.  My
> reading of the WS-Security Policy spec indicates that this token is
> for security that is not provided by WS-Security.  Is there a reason
> why this was not declared as a SupportingToken instead?
>
> Is this actually a valid declaration and I am missing something
> fundamental about WS-SecurityPolicy?
>
> Thanks in advance for any guidance
>
> Regards
> Jason



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
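
The two policy shapes discussed in this thread, side by side, as an added illustration that is not part of either message and is not copied from DoubleIt.wsdl. Element names come from WS-SecurityPolicy 1.2; the wsu:Id values, token type, key type and algorithm suite are assumed choices.

```xml
<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
    xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">

  <!-- Shape asked about: the IssuedToken sits where the transport-level token goes -->
  <wsp:Policy wsu:Id="IssuedTokenAsTransportToken"> <!-- Id is an assumed name -->
    <sp:TransportBinding><wsp:Policy>
      <sp:TransportToken><wsp:Policy>
        <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
          <sp:RequestSecurityTokenTemplate>
            <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
          </sp:RequestSecurityTokenTemplate>
          <wsp:Policy/>
        </sp:IssuedToken>
      </wsp:Policy></sp:TransportToken>
      <sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite>
    </wsp:Policy></sp:TransportBinding>
  </wsp:Policy>

  <!-- Shape recommended in the reply: TLS is the transport token, and the
       IssuedToken is an endorsing supporting token. With a transport binding
       the endorsing signature covers the timestamp, so the client proves
       possession of the key bound to the issued token inside the message. -->
  <wsp:Policy wsu:Id="IssuedTokenAsEndorsingSupportingToken"> <!-- assumed name -->
    <sp:TransportBinding><wsp:Policy>
      <sp:TransportToken><wsp:Policy>
        <sp:HttpsToken><wsp:Policy/></sp:HttpsToken>
      </wsp:Policy></sp:TransportToken>
      <sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite>
      <sp:IncludeTimestamp/>
    </wsp:Policy></sp:TransportBinding>
    <sp:EndorsingSupportingTokens><wsp:Policy>
      <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
        <sp:RequestSecurityTokenTemplate>
          <!-- Token type and key type are assumed choices for this example -->
          <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
          <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
        </sp:RequestSecurityTokenTemplate>
        <wsp:Policy><sp:RequireInternalReference/></wsp:Policy>
      </sp:IssuedToken>
    </wsp:Policy></sp:EndorsingSupportingTokens>
  </wsp:Policy>
</wsdl:definitions>
```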