Thank you for sharing the idea, Colm. However, I believe the example asymmetric binding isn't compliant with the specification, for reasons given in my previous post. I don't know whether the customer would change services frameworks, but I want to be sure the WSDL isn't coupled with CXF.
In any event, I was granted some flexibility from the customer and am now able to push SSL downstream to the service. With an X509Token assertion attached as a supporting token to a transport binding, I have a concise policy expression and get what I want. I sincerely thank you for your time and support. My two cents is an unbound X509Token assertion should be supported, but I respect a difference of opinion. Justin -- View this message in context: http://cxf.547215.n5.nabble.com/WS-Policy-Expressions-for-X-509-Token-Assertions-tp5742248p5742555.html Sent from the cxf-user mailing list archive at Nabble.com.
