Hi Roxanne,
I may not be able to answer all your questions this time, but I will
try to answer as much as possible. See my comments in line.
I'm not quite sure how these two versions fit together. Does 1.1 enhances
> 1.0? Are they two different ways of accomplishing the same tasks?
1.1 enhances 1.0. And there versions are tightly related to Axis2 versions.
For example, Rampart 1.3 is tested with Axis2 1.3 and Rampart 1.4 is tested
with Axis2 1.4. You can't use Rampart 1.4 with Axis2 1.3 due to API changes
in Axis2. So it is better to use the Rampart version which corresponds to
your Axis2 version.
For example...
>
> Looking at the Configuration tags at
> http://ws.apache.org/rampart/rampartconfig-guide.html , I would greatly
> appreciate to have an example explaining what each tag does and every
> possibility that can be used in a tag. The table seems incomplete.
>
> <encryptionCypto>
> ....crypto element ......[What are all the possibilities that can be
> placed here?]
> .........................[What will happen if I just put in a random
> word?]
> </encryptionCypto>
>
An example crypto element can be found signatureCrypto description. Same
structure applies to encryptionCrypto and decryptionCrypto elements.
If I wanted basic WSS, could I ignore creating a Policy completely?
>
Depends on your usage. For example, if you use parameter based
configuration, your WSDL will not be annotated with policy. So your clients
need to have a out of band knowledge about of service's security
requirements.
P.S. This might sound stupid, but what is the difference between a user and
> an encryption user?
User is used provide the username or private key alias.
Enncryption user is used provide the key alias of the certificate which
should be used for encryption.
thanks,
nandana
