ws policies InitiatorToken RecipientToken

Fri, 16 May 2014 10:45:12 -0700 

Hi Colm,
I set up a scenario and was wondering about the KeyInfo elements.


Policy P1 for WS-Consumer and WS-Provider

CXF ---sends requestA ----> CXF
    <--- sends responseB---

Policy is
<p:policies enabled="true" xmlns:p="http://cxf.apache.org/policy";>
<wsp:Policy wsu:Id="AsymmetricII"
xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
"
xmlns:wsp="http://www.w3.org/ns/ws-policy";>
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
">
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never
">
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
<sp:OnlySignEntireHeadersAndBody />
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:TripleDesRsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier />
<sp:MustSupportRefIssuerSerial />
</wsp:Policy>
</sp:Wss10>
<sp:SignedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<sp:Body />
<sp:Header Name="Timestamp"
Namespace="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
/>
</sp:SignedParts>
<sp:EncryptedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<sp:Body />
</sp:EncryptedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</p:policies>

When I have a closer look to the messages, these look like this:


 A:
 Enc-Element: KeyInfo/SecurityTokenReference/KeyIdentifier
 Sig-Element:  KeyInfo/SecurityTokenReference/Reference

 B:
 Enc-Element:  KeyInfo/SecurityTokenReference/X509Data
 Sig-Element:   KeyInfo/SecurityTokenReference/KeyIdentifier


Is there any reason, that the request message contains in the encryption
part the KeyIdentifier and the response message the X509Data element?

I am using CXF version 2.7.10

Best regards
Kai

Reply via email to