6.4.7.1 Limitations

  • Supported Nesting Assertions
  • Non-supported Nesting Assertions
    • <sp:InitiatorSignatureToken>
    • <sp:InitiatorEncryptToken>
    • <sp:RecipientSignatureToken>
    • <sp:RecipientEncryptToken>
    • <sp:EncryptBeforeSigning>
    • <sp:EncryptSignature>
  • <sp:InitiatorToken> must be associated with <sp:X509Token> and the Token inclusion type must be “AlwaysToRecipient”
  • <sp:RecipientToken> must be associated with <sp:X509Token> and the Token inclusion type must be “Never”

The following example shows an AsymmetricBinding assertion that SALT supports. The assertion indicates that the X.509 V3 binary token defined in the WS-Security X.509 Token Profile 1.1 specification is used to digitally sign SOAP request messages, and that the X.509 token is always included in the SOAP message security header:

Example 6-4 Supported AsymmetricBinding Assertion

<sp:AsymmetricBinding>
  <wsp:Policy>
    <sp:InitiatorToken>
      <wsp:Policy>
        <sp:X509Token
            sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient">
          <wsp:Policy>
            <sp:WssX509V3Token11 />
          </wsp:Policy>
        </sp:X509Token>
      </wsp:Policy>
    </sp:InitiatorToken>
    <sp:RecipientToken>
      <wsp:Policy>
        <sp:X509Token
            sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/Never">
          <wsp:Policy>
            <sp:WssX509V3Token11 />
          </wsp:Policy>
        </sp:X509Token>
      </wsp:Policy>
    </sp:RecipientToken>
    <sp:Algorithm>
      <wsp:Policy>
        <sp:Basic256 />
      </wsp:Policy>
    </sp:Algorithm>
    <sp:Layout>
      <wsp:Policy>
        <sp:Lax />
      </wsp:Policy>
    </sp:Layout>
    <sp:IncludeTimestamp />
  </wsp:Policy>
</sp:AsymmetricBinding>
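
A pre-deployment check of an AsymmetricBinding assertion against the limitations listed above. This is an added example, not part of SALT or its documentation; the namespace URIs bound to the sp: and wsp: prefixes, the function names and the sample policies are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace URIs are assumptions; the page shows only the sp: and wsp: prefixes.
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
UNSUPPORTED = {"InitiatorSignatureToken", "InitiatorEncryptToken",
               "RecipientSignatureToken", "RecipientEncryptToken",
               "EncryptBeforeSigning", "EncryptSignature"}
REQUIRED_INCLUSION = {"InitiatorToken": "AlwaysToRecipient",
                      "RecipientToken": "Never"}

def check_asymmetric_binding(xml_text):
    """Return the limitations violated by an sp:AsymmetricBinding (empty list = OK)."""
    binding = ET.fromstring(xml_text)
    if binding.tag != f"{{{SP}}}AsymmetricBinding":
        return ["root element is not sp:AsymmetricBinding"]
    problems = []
    for child in binding.findall(f"{{{WSP}}}Policy/*"):
        name = child.tag.rpartition("}")[2]          # strip the {namespace} part
        if name in UNSUPPORTED:
            problems.append(f"sp:{name} is not supported")
        elif name in REQUIRED_INCLUSION:
            want = f"{SP}/IncludeToken/{REQUIRED_INCLUSION[name]}"
            x509 = child.find(f"{{{WSP}}}Policy/{{{SP}}}X509Token")
            if x509 is None:
                problems.append(f"sp:{name} is not associated with sp:X509Token")
            elif x509.get(f"{{{SP}}}IncludeToken") != want:
                problems.append(f"sp:{name} needs IncludeToken {REQUIRED_INCLUSION[name]}")
    return problems

def sample_policy(recipient_inclusion, extra=""):
    """Build a constructed sample assertion (hypothetical helper for this example)."""
    def token(role, inclusion):
        return (f'<sp:{role}><wsp:Policy><sp:X509Token '
                f'sp:IncludeToken="{SP}/IncludeToken/{inclusion}"><wsp:Policy>'
                f'<sp:WssX509V3Token11/></wsp:Policy></sp:X509Token>'
                f'</wsp:Policy></sp:{role}>')
    return (f'<sp:AsymmetricBinding xmlns:sp="{SP}" xmlns:wsp="{WSP}"><wsp:Policy>'
            f'{token("InitiatorToken", "AlwaysToRecipient")}'
            f'{token("RecipientToken", recipient_inclusion)}{extra}'
            f'<sp:IncludeTimestamp/></wsp:Policy></sp:AsymmetricBinding>')

GOOD = sample_policy("Never")                                   # follows the limitations
BAD = sample_policy("AlwaysToRecipient", "<sp:EncryptSignature/>")  # breaks two of them

if __name__ == "__main__":
    print(check_asymmetric_binding(GOOD))
    for problem in check_asymmetric_binding(BAD):
        print(problem)
```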