Flow for establishing a security context token to secure reliable messaging
This example scenario includes functions required for the composite scenario of Web Services Reliable Messaging (WS-ReliableMessaging), WS-SecureConversation, and WS-Trust. The scenario describes how to use WS-SecureConversation with WS-ReliableMessaging, the scenario is described from the WS-SecureConversation perspective.
The flow of this Web Services Reliable Messaging (WS-ReliableMessaging) scenario is very similar to the flow of the WS-SecureConversation scenario, and the exchange of the application messages is very similar to the Secure Conversation scenarios. The main difference in the two example scenarios is that the WS-ReliableMessaging sequence is secured with the security context token and scopes the WS-ReliableMessaging sequence to the security context token.
The following figure describes a summary of the message flows required to establish a security context token to secure reliable messaging.
Figure 1. Messages exchange for the SCT and reliable messaging
Scenario
The WS-ReliableMessaging sequence is secured with the security context token and is scoping the WS-ReliableMessaging sequence to the security context token. This scenario focuses on the message exchanges that are using the security context token in the overall flow.
The exact detail of how WS-ReliableMessaging is validating the WS-ReliableMessaging sequence, with respect to the security context token scoping, is not described.
Typically, to use secure conversation and a security context token to secure reliable messaging, the following steps are involved;
- The WS-ReliableMessaging run time calls APIs from the Web Services Security run time to get the UUID of the security context token for the session and also the API for serializing and deserializing the security context token for managed persistent for reliable recovery.
Because of the security nature of the security context token, the WS-ReliableMessaging protocol makes sure that the serialized security context token in persistent store is protected.
- If there is already a security context token established the UUID of the existing security context token is returned to WS-ReliableMessaging. If there is no security context token already established, the Web Services Security run time initiates a call to the recipient to establish the security context token.
The latter case is similar to the Secure Conversation scenario.
- After the WS-ReliableMessaging run time acquires the UUID of the security context token, the WS-ReliableMessaging run time scopes the CreateSequence message to the security context token using the SecurityTokenReference (STR) argument in the CreateSequence message and responds with the CreateSequenceResponse message.
The exchange of the application messages is very similar to the WS-SecureConversation scenario.
- The WS-ReliableMessaging run time responds with the CreateSequenceResponse message.
The exchange of the messages is very similar to the exchange in the WS-SecureConversation scenario.
- The WS-ReliableMessaging run time sends a SequenceAcknowledgement message to acknowledge that the message is properly delivered and secured by the security context token.
- Finally, the WS-ReliableMessaging run time sends a TerminateSequence message to terminate the sequence and is secured by the security context token.
Related concepts
Flow for establishing a security context token to secure conversations Security context token Interoperation with other WS-ReliableMessaging providers: use pattern
Related tasks
Secure requests to the trust service using system policy sets Configure WS-SecureConversation to work with WS-ReliableMessaging WS-ReliableMessaging
Related information:
Web Services Secure Conversation Language specification