Hi,
In the WS - Security Policy Language under the X509Token Assertion, we
have.
<sp:X509Token sp:IncludeToken="xs:anyURI"? ... >
<wsp:Policy>
<sp:RequireKeyIdentifierReference ... /> ?
<sp:RequireIssuerSerialReference ... /> ?
<sp:RequireEmbeddedTokenReference ... /> ?
<sp:RequireThumbprintReference ... /> ?
...
</wsp:Policy>
</sp:X509Token>
So as we can see, we can define one than one <sp:RequireXXX/>
elements. So when referencing
a token defined with more than one <sp:RequireXXX/> what should be the
correct way ? At the moment
we check in the order of Issuer Serial reference, Key identifier
reference and then Thumb print reference
and when we found a one , we set the key identifier type to the first one we
found. If no <sp:RequireXXX/> found,
then we look at the WSS10 and WSS11 assertions.
The problem is if more than one <sp:RequireXXX/> elements are there
in the X509Token assertion,
how it should be referenced according to the WS - Security Policy
specification.
Regards,
Nandana
