- From: Fabian Ritzmann <Fabian.Ritzmann@Sun.COM>
- Date: Wed, 27 Sep 2006 14:32:41 +0300
- To: "public-ws-policy@w3.org" <public-ws-policy@w3.org>
Received on Wednesday, 27 September 2006 11:32:47 UTC
Here are security policy samples where the applicable policy alternative can not be reliably determined from an incoming message. The WSDL with the policies is attached. This is in response to action item 115 that was assigned to Monica Martin. For an incoming message the security layer infers the policy from the message. The inferred policy will then be compared against the list of available alternatives. A simple example, which attempts to show ambiguity in the policy to be selected. In the attached example , we have a policy alternative at the binding level. Everything is the same except one assertion WSS10 and WSS11. If RequireSignatureConfirmation element under WSS11 assertion is set then SignatureConfirmation element must be sent back to the client. If the server happen to select the alternative which has WSS10 and Client had selected alternative with WSS11 assertion it be an error as the client would expect SignatureConfirmation element in the response from the server. Fabian
Received on Wednesday, 27 September 2006 11:32:47 UTC