Support for OASIS WS-SX standards in Metro
By Jiandong Guo on Feb 03, 2008
We provide support for OASIS WS-SX standards WS-SecurityPolicy 1.2, WS-SecureConversation 1.3 and WS-Trust 1.3 in the current build of Metro. This will be included in the up-coming Metro 1.2 release as EA features. No Netbeans tooling support is avialbale yet. However one can manually modify the wsdl and configuration produced from Netbeans to produce WS-SX based service and STS. This applies to all the existing security scenarios using previous versions of WS-Trust and WS-SecureConversation.
1. Create a service secured with WS-SX:
First create a service with Netbeans using an IssuedToken from an STS and/or secure conversation for the security.
Then make the following the changes for the service WSDL:
1) Change the all the occurence of WS-SecurityPolicy namespace from
The change must also apply to the IncludeToken attribute.
2) Change all the occurence of the WS-Trust namespace from
This mainly applies to the element in the RequestSecurityTokenTemplate in
IssuedToken policy assertion and what used for Action.
3) Change the policy assertion Trust10 to Trust13.
2. Create STS of WS-SX version:
3. Using WS-Policy 1.5 with WS-SX:
With the service and STS produced from 1 and 2, WS-Policy 1.2 is used.
One may also use the standard WS-Policy 1.5 from W3C with WS-SX support.
1)Change all the occurence of the WS-Policy namespace from
2) Using addressing metadata:
Remove the policy assertion UsingAddressing.
And then add the following assertion instead to enable Addressing:
Alos change the prefix for Action to wsam (e.g wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue").
This mainly address the use of WS-SX for existing features. There are also some new features introduced for Metro 1.2 which will be described in the subsequent blogs.
We will also provide samples with WS-SX in the current WSIT workspace.