rss
 
comment(s)

archives
J|F|M|A|M|J|J|A|S|O|N|D
(20##) 10 9 8 7 6 5 4 3 2 1 0 <
 
DesktopWeb FormText   WSE2 SP2 PreReleaseTue, 23 Nov 2004 02:42:19 GMT # 

per Hervey ... WSE 2.0 Service Pack 2 PreRelease

this update will break one of the sample calls for CF WSE2 ... specifically WS-SecureConversation. it will break because WSE2 SP2 requires UsernameTokens of RST requests to be encrypted. my CF client code only signs the UsernameToken and does not encrypt it. the CF WSE2 libraries do have the capabilities to encrypt UsernameTokens; look for some commented out code in the UsernameSigning client side code. granted ... i only tested that code with a modified UsernameSigning sample. i did not test it with the SP2 SecureConversation sample

and the real question is ... why do we need WS-SecureConversation for mobile devices? the answer is to reduce the amount of asymmetric cryptography, which is slow and computationally expensive (especially on small devices). WS-SecureConversation allows you to exchange a session key using asymmetric key encryption in the 1st couple calls. for all subsequent calls you can use that key (or derived keys) and only do symmetric encryption (and signing). otherwise, if you were just using the lower level stack of WS-Security, then you would have to do asymmetric crypto in every WS call