WS-Trust and WS-SecureConversation were updated today. WSE 2.0 implements these specifications, not the older versions, so they are required reading if you working with the related features in WSE 2.0.
One of the most notable changes to WS-SecureConversation from a WSE perspective is the removal of the KeysXml element in a SecurityContextToken. As a result of this change, WSE 2.0 no longer supports 3-party Secure Conversation out-of-the-box - there is no interoperable mechanism for carrying the required key material. Instead, custom additions are required to the built-in SCT to make this work.
Posted by herveyw at May 24, 2004 08:23 PMHarvey,
Couple of ex-msfts building a product with WSE. Got the latest drop yesterday and put in the new secure conversation implementation using UsernameToken to sign the token request and x509 to sign the token at the server. Would like to be able to sign from the server with UsernameToken if possible but haven't found the correct config yet. Any insight is appreciated.
Thx!
-rob
Posted by: Rob Stovenour at May 25, 2004 09:17 AMAre there any examples that show how to use WS-SecureConversation without X509 certificates. I mean no X509 at all; client doesn't sign RSTs with one, servers don't sign RSTRs with one, servers don't encrypt the security token with one, nothing.
That would really help as all the current examples use X509 in some form.
Thanks
Mike
Posted by: Mike at June 14, 2004 11:09 AM