You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by "Marc J (JIRA)" <ji...@apache.org> on 2007/06/26 17:38:26 UTC
[jira] Commented: (RAMPART-27) The user in the configuration for
UsernameToken and Signature should be different
[ https://issues.apache.org/jira/browse/RAMPART-27?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12508217 ]
Marc J commented on RAMPART-27:
-------------------------------
Extracted from WS-SecurityPolicy Examples Working Draft 14, 15 May 2007
This scenario is based on WS-I SCM Security Architecture Technical requirements for securing the SCM Sample Application, March 2006 [WSI-SCM-SAMPLEAPPL - GetCatalogRequest, SubmitOrderRequest].
This use case corresponds to the situation where both parties have X.509v3 certificates (and public-private key pairs). The Initiator includes a user name token that may stand for the Requestor on-behalf-of which the Initiator is acting. The UsernameToken is included as a SupportingToken; this is also encrypted. The Authority for this request is generally the Subject of the Initiator's trusted X.509 Certificate.
We model this by using the asymmetric security binding [WSSP] with a UsernameToken SupportingToken.
Is there a way to do this?
> The user in the configuration for UsernameToken and Signature should be different
> ---------------------------------------------------------------------------------
>
> Key: RAMPART-27
> URL: https://issues.apache.org/jira/browse/RAMPART-27
> Project: Rampart
> Issue Type: Improvement
> Components: rampart-policy
> Reporter: Hailong Wang
>
> Current rampart has no way to specify different user for UsernameToken and Signature in configuration.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.