Hi everybody,

there is a nice article called "Secure Message Exchanges with Multiple Users" at http://wso2.org/library/255. In this article we can read:

"<encryptionUser>useReqSigCert</encryptionUser> This instructs Rampart/WSS4J to use the certificate that was used to sign the request. One can specify the encrypted parts to encrypt different parts of the message to be encrypted."

My question is: is it possible to use this with Symmetric binding? I could be wrong, but my understanding is that if this is supposed to work it will mean that we want the derived key to be based on the client's (initiator's) security token (not the recipient's one), defined in either the encryption token assertion or the protection token assertion. I know this makes much more sense with the Asymmetric binding, but I am curious about that.

Thank you.

Best regards,
Dobri
