Hello everyone, What is the meaning of OnlySignEntireHeadersAndBody policy assertion ?
I looked at http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html. As we are using asymmetric binding, the only description I got in this spec is : "/sp:AsymmetricBinding/wsp:Policy/sp:OnlySignEntireHeadersAndBody This optional element is a policy assertion that indicates that the [Entire Header And Body Signatures] property is set to 'true'." My interpretation of the sentence above is that, if this assertion is used for a web service endpoint it means that the client has to generate a signature for all SOAP headers and the body of the SOAP request he has to send: am I right or wrong ? Best Regards. ________________________________ This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited. E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender. Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus