Processing UsernameForCertificateAssertion
- From: "gregabor" <gregor.borosa@xxxxxxxxx>
- Date: 27 Jun 2006 13:26:12 -0700
Hi there,
I'm using UsernameForCertificateAssertion and I have problem
understanding few things about processing SOAP messages, algorithms,
keys etc.
1) I don't see any connection between any ID values of SOAP headers in
OutputTrace and InputTrace.webinfo. Shouldn't some IDs match, at least
MessageID or something?
2) In OutputTrace.webinfo in SOAP header I have
http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p in EncryptedKey part,
then also some SHA1 hashing.
In the body, there is http://www.w3.org/2001/04/xmlenc#aes256-cbc.
In InputTrace.webinfo in SOAP header there are TWO SAME DerivedKeyToken
parts, both using http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1 ,
but there is no RSA mentioned as in OutputTrace.
Shouldn't both sent and received soap headers use same encrypt/decrypt
algorithms?
Also, why Pablo Cibraro says
(http://weblogs.asp.net/cibrax/archive/2005/09/19/425555.aspx) that
default algorithm in WSE3.0 is AES128 + RSA 1.5, if I'm getting AES256
as default? Were there any changes in the WSE3.0?
Can you suggest any links about how keys are generated and used in more
detail? The WSS patterns & practices is too general in this area.
Thank you for all your help. I can't sleep because of these questions
:)
Kind regards,
Greg
.
- Follow-Ups:
- Re: Processing UsernameForCertificateAssertion
- From: Pablo Cibraro
- Re: Processing UsernameForCertificateAssertion
- Prev by Date: Re: Interop between WSE 2.0 and 3.0
- Next by Date: Re: WSE 3.0, usernameOverTransportSecurity, custom Token Manager w/ securityTokenManager,
- Previous by thread: Derived Key
- Next by thread: Re: Processing UsernameForCertificateAssertion
- Index(es):
Relevant Pages
|
