Hi Sam, > If not specified, the default order is to sign and encrypt. > And I rarely see any use of this tag so I assume the default order is always right?
If "sp:EncryptBeforeSigning" is not specified, then the default is always to sign before encrypting. > Am I right to say the order of <sp:EncryptedParts> and <sp:SignedParts> elements do not specify the order of encryption and signing in > both request and response? Correct. Colm. On Fri, Aug 16, 2013 at 9:18 AM, Sam <[email protected]> wrote: > Hi all, > > Could someone confirm my understanding for the order of encryption & > signing using WS-SecurityPolicy in WSDL? > > I saw in http://fusesource.com/docs/**esb/4.4/cxf_security/** > MsgProtect-SOAP-**SymmetricPolicy.html<http://fusesource.com/docs/esb/4.4/cxf_security/MsgProtect-SOAP-SymmetricPolicy.html>that > says the order is specified > in sp:EncryptBeforeSigning. If not specified, the default order is to sign > and encrypt. > > And I rarely see any use of this tag so I assume the default order is > always right? > > What I do see in almost all WS-Policy file that comes with WSDL is > something like > > ... > <wsp:Policy wsu:Id="DoubleItBinding_**DoubleIt_Input_Policy"> > <wsp:ExactlyOne> > <wsp:All> > *<sp:EncryptedParts>* > <sp:Body /> > </sp:EncryptedParts> > *<sp:SignedParts>* > <sp:Body /> > <sp:Header Namespace="..." /> > </sp:SignedParts> > </wsp:All> > </wsp:ExactlyOne> > </wsp:Policy> > <wsp:Policy wsu:Id="DoubleItBinding_**DoubleIt_Output_Policy"> > <wsp:ExactlyOne> > <wsp:All> > *<sp:EncryptedParts>* > <sp:Body /> > </sp:EncryptedParts> > *<sp:SignedParts>* > <sp:Body /> > <sp:Header Namespace="..." /> > </sp:SignedParts> > </wsp:All> > </wsp:ExactlyOne> > </wsp:Policy> > </wsdl:definitions> > > > Am I right to say the order of <sp:EncryptedParts> and <sp:SignedParts> > elements do not specify the order of encryption and signing in both request > and response? > > Thanks in advance, > Sam > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
