Christopher Smith wrote:
On 16/10/06 08:38, "Peter G. Lane" <lane@mcs.anl.gov> wrote:
By the way ... it's not anonymous https ... we are authenticating the server with SSL. Right, "https" means http over SSL. "Anonymous" means anonymous SSL authentication. What am I missing?
Sorry ... anonymous to me mean http over SSL so there is an encrypted connection but with no authentication using SSL. We're requiring connecting to a server that has a proper certificate, so the server is authenticated via SSL. The client is authenticated using the WS-Security Username Token.
I think we're on the same page. I'm probably just not using terminology properly. Also, the WS-Security Username Token stuff is in the SOAP message, so I wasn't considering it since it isn't part of the transport protocol. At any rate, the main point is that we don't need to discover the transport binding since we agreed on this already. Yes? Peter
-- Chris