
Basic Signing and Encryption Scenario

Overview

The scenario described here is a client-server application, where an asymmetric binding policy is set up to encrypt and sign the SOAP body of messages that pass back and forth between the client and the server.

Example scenario

Figure 6 shows an overview of the basic signing and encryption scenario, which is specified by associating an asymmetric binding policy with an endpoint in the WSDL contract.

Figure 6. Basic Signing and Encryption Scenario


Scenario steps

When the client in Figure 6 invokes a synchronous operation on the recipient's endpoint, the request and reply messages are processed as follows:

  1. As the outgoing request message passes through the WS-SecurityPolicy handler, the handler processes the message in accordance with the policies specified in the client’s asymmetric binding policy. In this example, the handler performs the following processing:

    1. Encrypt the SOAP body of the message using Bob’s public key.

    2. Sign the encrypted SOAP body using Alice’s private key.

  2. As the incoming request message passes through the server's WS-SecurityPolicy handler, the handler processes the message in accordance with the policies specified in the server’s asymmetric binding policy. In this example, the handler performs the following processing:

    1. Verify the signature using Alice’s public key.

    2. Decrypt the SOAP body using Bob’s private key.

  3. As the outgoing reply message passes back through the server's WS-SecurityPolicy handler, the handler performs the following processing:

    1. Encrypt the SOAP body of the message using Alice’s public key.

    2. Sign the encrypted SOAP body using Bob’s private key.

  4. As the incoming reply message passes back through the client's WS-SecurityPolicy handler, the handler performs the following processing:

    1. Verify the signature using Bob’s public key.

    2. Decrypt the SOAP body using Alice’s private key.
