see inline please. Regards, Werner
> -----Ursprüngliche Nachricht----- > Von: ext Glen Mazza [mailto:[EMAIL PROTECTED] > Gesendet: Dienstag, 15. Juli 2008 14:48 > An: [email protected] > Betreff: RE: Two more questions on CXF & WSS4J > > > > > O hEigeartaigh, Colm wrote: > > > > > >> Line 102 and Line 121, does the WSS4J Action here > "Timestamp Signature > >> Encrypt" mean the same thing as "Use the X.509 Token Profile" I.e., > > those > >> three actions are used to activate X.509 profiles? > > > > I don't follow you here. The X.509 Token Profile is largely > about how to > > reference X.509 certificates, i.e. for the case of > signature to point to > > the public key required to verify the signature. This can > be configured > > via WSHandlerConstants.SIG_KEY_ID and WSHandlerConstants.ENC_KEY_ID. > > > > What I'm saying is that the UsernameToken profile is > implemented using the > Action "UsernameToken". WS-Security has another profile > called the "X.509 > Token profile"--which I haven't studied yet. But is it the > "Signature" werner: yes and no. The X.509 profiles describes (in general) how to use X.509 certificate to sign and encrypt. Which option you use is up to the application. It may sig and encrypt, sign only, or encrypt only. All based on X.509 certificates that provide the public keys or identify the associated private keys. > action (or "Signature Encrypt") which activates this profile, like > "UsernameToken" action activates the UT profile? > > Thanks, > Glen > > -- > View this message in context: > http://www.nabble.com/Two-more-questions-on-CXF---WSS4J-tp1827 > 9527p18464406.html > Sent from the WSS4J mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
