[wsf-dev] signing questions
Asa Hardcastle
asa.openliberty at zenn.net
Fri Feb 15 13:44:08 PST 2008
Hi All,
I am now able to sign outgoing messages. And I have some questions
for the experts on the list.
1. Messages over TLS carrying a SAMLv2 token: is this considered
urn:liberty:security:2005-02:TLS:Bearer or
urn:liberty:security:2005-02:TLS:SAMLV2?
2. It appears that the "authentication mechanisms" listed do not have
any reference to signed or unsigned. Is this true? How is the
requirement of signing communicated between server/client?
3. When are signed messages generally used in WSF? Can it begin
with the first SASL request to the AS?
4. Is meta-data exchange completely out of the ID-WSF band?
5. Are responses from the WSP signed as well? In which case I need
the public key from the WSP.
6. My signature references the Body, and all of the header elements.
Why not sign the SOAP envelope and call it a day? Is this because
portions may be passed on to another end point?
7. Does a signed message require an X.509 token?
many thanks,
asa