Subject: Using UserNameToken and BinarySecurityToken in the same SOAP message
From: Jahan Moreh (jmo@sigaba.com)
Date: Aug 8, 2005 2:23:45 pm
List: org.oasis-open.lists.wss-dev

Colleagues - The document Web Services Security UsernameToken Profile 1.0 line 261 states:

"Token ownership is verified by use of keys...."

Is it reasonable to use wsse:UsernameToken to specify the identity of a user and then sign this element using the organization's private key? The organizational certificate would be specified in a BinarySecurityToken. I am thinking of something similar to the following:

<S11:Envelope xmlns:S11="..." xmlns:wsse="..." xmlns:wsu="..." xmlns:ds="...">
  <S11:Header>
    <wsse:Security>
      <wsse:UsernameToken wsu:Id="MessageProdcuerID">
        <wsse:Username>Joe User</wsse:Username>
      </wsse:UsernameToken>
      ...
      <wsse:BinarySecurityToken ValueType="...#X509v3" EncodingType="...#Base64Binary" wsu:Id="X509Token">
        MIIEZzCCA9CgAwIBAgIQEmtJZc0rqrKh5i...
      </wsse:BinarySecurityToken>
      ....
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="...." />
          <ds:SignatureMethod Algorithm="...." />
          <ds:Reference URI="#MessageProdcuerID">
            <ds:DigestMethod Algorithm="...." />
            <ds:DigestValue>...</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>xxxxxxxxxx</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#X509Token"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
    ...
  </S11:Header>
  ...
</S11:Envelope>

Thanks, Jahan
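As an added example (not code from the thread or from the OASIS profile), the structural checks a receiver would make before treating a message of the shape above as "owned" by the organization: the ds:Reference must resolve to the wsse:UsernameToken and the ds:KeyInfo must resolve to an X.509v3 wsse:BinarySecurityToken, each through exactly one wsu:Id. The namespace URIs are the WSS 1.0 ones, the sample message and its ids and placeholder values are constructed, and Python's built-in canonicalize stands in for whatever ds:CanonicalizationMethod the real message declares.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# WSS 1.0 namespaces; the message in the thread elides them with "...".
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
for p, u in (("wsse", WSSE), ("wsu", WSU)): ET.register_namespace(p, u)  # keep prefixes on re-serialization

# Constructed message shaped like the thread's example; certificate, digest and signature are placeholders.
SAMPLE = f"""<S11:Envelope xmlns:S11="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}"><S11:Header><wsse:Security>
<wsse:UsernameToken wsu:Id="MessageProducerID"><wsse:Username>Joe User</wsse:Username></wsse:UsernameToken>
<wsse:BinarySecurityToken ValueType="{X509V3}" wsu:Id="X509Token">PLACEHOLDER-CERT</wsse:BinarySecurityToken>
<ds:Signature><ds:SignedInfo><ds:Reference URI="#MessageProducerID"><ds:DigestValue>PLACEHOLDER</ds:DigestValue>
</ds:Reference></ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue><ds:KeyInfo><wsse:SecurityTokenReference>
<wsse:Reference URI="#X509Token"/></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></S11:Header><S11:Body/></S11:Envelope>"""

def _by_id(root, uri):
    # Resolve a same-document "#id" reference to the single element carrying that wsu:Id.
    hits = [e for e in root.iter() if e.get(f"{{{WSU}}}Id") == uri[1:]]
    if not uri.startswith("#") or len(hits) != 1:
        raise ValueError(f"reference {uri!r} must resolve to exactly one wsu:Id")
    return hits[0]

def reference_digest(elem):
    # SHA-256 over the canonicalized element, base64-encoded as a ds:DigestValue carries it.
    canon = ET.canonicalize(ET.tostring(elem, encoding="unicode"))
    return base64.b64encode(hashlib.sha256(canon.encode()).digest()).decode()

def check_token_binding(xml_text):
    # Require: signed element is the UsernameToken, signing key comes from an X.509v3 BST.
    root = ET.fromstring(xml_text)
    ref = root.find(f".//{{{DS}}}SignedInfo/{{{DS}}}Reference")
    signed = _by_id(root, ref.get("URI"))
    if signed.tag != f"{{{WSSE}}}UsernameToken":
        raise ValueError("the signed reference does not cover the UsernameToken")
    key_ref = root.find(f".//{{{DS}}}KeyInfo/{{{WSSE}}}SecurityTokenReference/{{{WSSE}}}Reference")
    key_tok = _by_id(root, key_ref.get("URI"))
    if key_tok.tag != f"{{{WSSE}}}BinarySecurityToken" or key_tok.get("ValueType") != X509V3:
        raise ValueError("KeyInfo does not point at an X.509v3 BinarySecurityToken")
    # A real verifier next compares reference_digest(signed) with ds:DigestValue, verifies
    # ds:SignatureValue with the BST certificate, and checks that cert may vouch for this Username.
    return {"username": signed.findtext(f"{{{WSSE}}}Username"), "signed_id": ref.get("URI")[1:],
            "key_token_id": key_ref.get("URI")[1:], "digest": reference_digest(signed)}
```

Note that a signature made with the organization's key proves the organization asserted the Username, not that the named user authenticated; the digest does bind the Username value, so the test below checks that changing it changes the digest.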