rss
 
comment(s)

archives
J|F|M|A|M|J|J|A|S|O|N|D
(20##) 10 9 8 7 6 5 4 3 2 1 0 <
 
DesktopWeb FormText   internal WSE changesSat, 12 Jun 2004 00:16:19 GMT # 

the latest find is that WSE now signs the data after encrypting it on the server (tech preview used to sign and then encrypt). WSS specification supports both. the WSE 2.0 clients are still signing 1st and then encrypting, so this means the user will still 'see what they are signing'. i.e. you dont want to sign encrypted data, because you cant tell what you are signing. but i guess this legal matter doesnt make sense for a server? they cant really see ... yet. tried some stuff in code to see if it was customizable, but have not gotten anything to work yet. this last find closes the WS-Security loop for the CF bits. the code has been updated to handle the WSE 2.0 changes. it tested out doing a full cycle of signing and encrypting a request to the server, and then decrypting and verifying the signature of the response. now that i have WS-Security, should be able to get WS-SecureConversation working again.