Werner, As you've seen on the list I've "resurfaced" after 3 months of silence. I would really like to figure it out myself and contibute to the project, but my knowledge/understanding is quite limited. I've looked at the wsse Unittest number 13 - but as far as I can see It doesn't do what you wrote about in your mail:
"I was able to perform the Signature check with this request." http://nagoya.apache.org/eyebrowse/[EMAIL PROTECTED]&msgNo=2099 Is that code checked in or can you send it, so that I can reproduce it with a new dummy service that one of my colleague set up. Because eventhough you got success I'm stille no able to acces a WSE2 Web Service that requires signing the body and Timestamp with a key based on the UsernameToken. Since if I can reproduce the digest and signature given a UsernameToken (include nonce ect.) and several addressing elements. And a second question, I've looked through the WS-Trust specification and the WS-Secure Conversation, but I havn't spotted where the description for WSE2's "way of doing" is described. I would like to gather the facts and out assumptions and post it to the WSE2 team, to clear out any misunderstandings if we strike gound again. Thanks in advance. Brgds Brian
