Yes, but you can also embed policy in WSDL, using WS-PolicyAttachment.
(http://www.w3.org/Submission/WS-PolicyAttachment/)
I thought this is actually *the* place to put it, if WSDL is the
Web-Services equivalent of an IOR (if not a WS-Addressing endpoint
reference).
-Fred
Anne Thomas Manes wrote:
You really don't want to specify middleware control
information in the WSDL. The more appropriate place to specify your
security requirements is in a WS-Policy file using WS-SecurityPolicy.
Anne
On 6/23/06, Guy Rixon <[EMAIL PROTECTED]> wrote:
Hi,
AFAIK, there is no way to specify completely the WS-Security stuff in
WSDL.
It's a semantic problem. For the body parts, the semantics are simple
"send
this stuff in the message with the stated encoding". For the
WS-Security
header, the semantics vary according to the use of the header: "sign
digitally", "encode", "encode and sign" etc. Specifying the
wsse:Security
header itself is too ambiguous. It doesn't tell a code-generator or a
client what to do.
However, suppose that you derived a schema that included those elements
from
WS-Security that were relevant to the actual use; e.g. just the
elements to
express a signature. This would have a new top-level element (derived
by
restriction from the basic wsse:Security?) that code generators and
dynamic clients might recognize. This might work for an in-house
solution; I
haven't thought it through in detail.
On Fri, 23 Jun 2006, Martin Kuba wrote:
> Hi all,
>
> I am trying to figure out how a WS-Security-enabled webservice
> is marked in its WSDL, but after I have read all documentation
> on WSS4J which I have found and after googling for an hour,
> I still cannot find and answer. I even tried to read the
> WS-Security spec itself, but I did not find it there.
>
> The only piece of information that I found is in gSOAP WSSE
> example, where the WSDL has the following added:
>
> ...
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
"
> ...
> <message name="Header">
> <part name="Security" element="wsse:Security"/>
> </message>
> ...
> <operation name="add">
> <SOAP:operation style="rpc" soapAction=""/>
> <input>
> <SOAP:body ... />
> <SOAP:header use="literal" message="tns:Header"
part="Security"/>
> </input>
> ...
>
> but that seems to be incorrect, as the wsse:Security element schema
> is not even imported. Also such specification only says that
> a SOAP header element is needed, but it does not say
> whether encryption or signature or username is needed.
>
> Can somebody point me to more information, please ?
>
> Thanks
>
> Martin
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Supercomputing Center Brno Martin Kuba
> Institute of Computer Science email: [EMAIL PROTECTED]
> Masaryk University
http://www.ics.muni.cz/~makub/
> Botanicka 68a, 60200 Brno, CZ mobil: +420-603-533775
> --------------------------------------------------------------
>
Guy Rixon [EMAIL PROTECTED]
Institute of Astronomy Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
|
