0

I am looking at a common security scenario, Message Security with an Anonymous Client, which says integrity and confidentiality are achieved through a "shared security context". The sample application for this scenario says "all application messages between the client and server are signed and encrypted".

How is the security context established, since the client has no certificate and only the server has one? Aren't messages signed in just one direction, because only the server has a certificate?

Ceco

1 Answer

0

The first image in the first link tells it all, but I just hadn't looked into it, reading only the text. It uses WS-Trust or TLS negotiation to establish the shared security context.

Ceco
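A WCF service configuration for the scenario discussed above, as an added example that is not part of the original question or answer. The binding name, service and contract names, endpoint address and certificate subject name are placeholders chosen for illustration.

```xml
<!-- Added example: all names, the address and the certificate subject are placeholders. -->
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="anonymousClientMessageSecurity">
          <security mode="Message">
            <!-- clientCredentialType="None": the client presents no credential (anonymous).
                 negotiateServiceCredential="true": the server certificate reaches the client
                 through a TLS handshake carried inside SOAP messages. The handshake
                 authenticates the server only, yet leaves both sides holding the same
                 symmetric key material.
                 establishSecurityContext="true": a security context token is then issued
                 with WS-Trust and WS-SecureConversation, and keys derived from it sign and
                 encrypt application messages in both directions. -->
            <message clientCredentialType="None"
                     negotiateServiceCredential="true"
                     establishSecurityContext="true" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
      <service name="Example.CalculatorService" behaviorConfiguration="serverCertificate">
        <endpoint address="http://localhost:8000/calculator"
                  binding="wsHttpBinding"
                  bindingConfiguration="anonymousClientMessageSecurity"
                  contract="Example.ICalculator" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="serverCertificate">
          <serviceCredentials>
            <!-- The only certificate in the scenario: it identifies the service. -->
            <serviceCertificate findValue="placeholder-service-subject"
                                storeLocation="LocalMachine"
                                storeName="My"
                                x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
```

The client endpoint uses the same binding settings and configures no certificate of its own; the signatures on its messages come from the shared symmetric key, not from a client private key.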