axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shantanu Sen <>
Subject Re: question regarding WSDL and WS-Security
Date Fri, 09 Jan 2004 21:30:57 GMT
Suppose I have a method that I want to expose as a
web-service. I can generate a WSDL that describes the
service end-point, format etc. Supppose I expect that
one or more parameters of this method will be
encrypted , and my service will also return an
encrypted string which I expect the client to decrypt.

How would I go about describing this to the client?
Clearly, I need to supply something more than a WSDL
document to the client. Even if the client has an
underlying infrastructure (e.g. a security gateway) it
needs some sort of information. Does WS-Policy provide

Shantanu Sen
--- Ricky Ho <> wrote:
> There is a nice separation between application
> processing and 
> infrastructure processing.  WSDL describes the
> former and WS-Policy 
> describe the later.
> If you are writing application code, you shouldn't
> care about WS-Policy 
> (and WS-Security), you only care about WSDL.  The
> underlying infrastructure 
> (e.g. a security gateway) should take care about
> this for you.
> However, it you are writing the intermediary code
> doing infrastructrure 
> processing, then you shouldn't care about WSDL. 
> Instead you should deal 
> with WS-Policy which is a less mature area (you
> probably need to do some 
> proprietary policy exchange handshaking).
> Rgds, Ricky
> At 12:58 PM 1/9/2004 -0800, Shantanu Sen wrote:
> >Please point me to the correct forum if you know
> where
> >I should post this question.
> >
> >As far as I know, currently there is no extension
> in
> >WSDL  for WS-Security. In other words, looking at a
> >WSDL there is no way to figure out if the service
> >expects security information as specified in
> >WS-Security in the header/body of the SOAP
> envelope.
> >
> >If this is true, how does a client know how to send
> >the correct SOAP message to the service i.e. how
> does
> >it know to add the required security info?
> >
> >Thanks for any info regarding this.
> >
> >Shantanu Sen

View raw message