Hi,

I tested different policies and was wondering about the result.

When I add
<sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <sp:Body />
</sp:SignedParts>
integrity protection information is added for the SOAP header Timestamp and
the SOAP Body.

This looks good. According to the spec
(http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html),
the Timestamp is signed:
"The SignedParts assertion is used to specify the parts of the message
outside of security headers that require integrity protection."

So my WS-Consumer expects the integrity protection information in the
response message.

The issue is that the WS-Provider accepts my request message but creates
a response where this information is missing. I am getting the following error:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding:
Received Timestamp does not match the requirements

As security headers require integrity protection, the error is fine, as the
response is not valid.

So I checked the spec again, and there is the possibility to use the
SignedElements assertion:
"The SignedElements assertion is used to specify arbitrary elements in the
message that require integrity protection."

I changed my policies to:
<sp:SignedElements xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <sp:XPath>/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Body']</sp:XPath>
</sp:SignedElements>

And still the integrity protection is added for the timestamp. Have I
overlooked something? I would like to accept a response message with a
timestamp but without integrity protection information for the timestamp.

I wish a Merry Christmas :)

Kai
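The mismatch described in this post is between what the consumer's policy requires signed and what the provider's response actually signs. The following added example (not part of Kai's post or of any WS-Security stack) inspects a received envelope and lists which parts are covered by a ds:Reference in the message signature; the SOAP envelope and its wsu:Id values are constructed, and only coverage is checked, not the signature value itself.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed sample response (not a real capture): the Timestamp carries a
# wsu:Id, but the only ds:Reference in SignedInfo points at the Body.
SAMPLE_RESPONSE = """<soap:Envelope xmlns:soap="{soap}" xmlns:wsse="{wsse}"
                   xmlns:wsu="{wsu}" xmlns:ds="{ds}">
  <soap:Header><wsse:Security>
    <wsu:Timestamp wsu:Id="TS-1">
      <wsu:Created>2011-12-23T10:00:00Z</wsu:Created>
      <wsu:Expires>2011-12-23T10:05:00Z</wsu:Expires>
    </wsu:Timestamp>
    <ds:Signature><ds:SignedInfo>
      <ds:Reference URI="#Body-1"><ds:DigestValue>ZGlnZXN0</ds:DigestValue></ds:Reference>
    </ds:SignedInfo><ds:SignatureValue>c2ln</ds:SignatureValue></ds:Signature>
  </wsse:Security></soap:Header>
  <soap:Body wsu:Id="Body-1"><Echo xmlns="urn:example">hi</Echo></soap:Body>
</soap:Envelope>""".format(**NS)

def signed_local_names(envelope_xml):
    """Local names of every element whose wsu:Id is the target of a
    ds:Reference URI="#id" inside a ds:SignedInfo."""
    root = ET.fromstring(envelope_xml)
    by_id = {el.get(WSU_ID): el for el in root.iter() if el.get(WSU_ID)}
    signed = set()
    for ref in root.iterfind(".//ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI", "")
        target = by_id.get(uri[1:]) if uri.startswith("#") else None
        if target is not None:
            signed.add(target.tag.split("}")[1])  # strip the namespace
    return signed

def missing_integrity_protection(envelope_xml, required=("Body", "Timestamp")):
    """Parts the consumer policy requires signed but this message leaves
    unsigned. Coverage only: the signature value is not verified here."""
    return sorted(set(required) - signed_local_names(envelope_xml))

if __name__ == "__main__":
    print(signed_local_names(SAMPLE_RESPONSE))           # {'Body'}
    print(missing_integrity_protection(SAMPLE_RESPONSE))  # ['Timestamp']
```

Running this against the real provider response shows directly whether the Timestamp is among the referenced parts, which is the condition the AsymmetricBinding error above is reporting.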
