Reputation: 3308
Does WCF's WS-Security implementation fully support the specification?
Reading this question WCF - Implementing client which requires encryption of one soap:body element, how? gave me a question of my own.
According to WS-Security specification "The message creator MUST NOT encrypt the S:Envelope, S:Header, or S:Body elements but MAY encrypt child elements of either the S:Header and S:Body elements."
I read that as the message creator can encrypt any number of child elements of S:Body. Perhaps I am misreading the spec and the encryption of the soap body really is all or none... If WCF only supports encryption of the body but not sub-elements of the body, does it still fully support WS-Security, or is this an interoperability issue with WCF?
Upvotes: 2
Views: 433
Answers (1)
Reputation: 364369
WCF doesn't encrypt Body element itself. It encrypts body content but as mention in related question it doesn't offer fine granularity to selectively encrypt deeply nested elements in the body element.
The question is if MAY encrypt child elements of either the S:Header and S:Body elements means direct child or any nested element. Anyway WCF doesn't violate the standard but it doesn't have to implement every single detail of the standard - as many other WS-* protocol stacks don't as well.
Upvotes: 2
Related Questions
- WCF WebService Security: How do I use security on a WebService?
- WS-Security from soapUI to WCF - binding & configuration
- Invoking a web service with WS Security from .NET
- How interopable is WS-Security?
- WCF Client with WS-Security
- Wcf WS-Security server
- How do I use WS-Security with WCF?
- Does WCF support WS-Security with SOAP 1.1?
- implementing Ws-security within WCF proxy
- WCF Service Security for Authentication and Authorization