Testing asymmetric binding policy with soapUI
In the previous section, we looked into two approaches of testing a service secured with transport binding assertion. In this section, we will secure a different service in our sample project using an asymmetric binding policy.
Asymmetric binding
In web services communication, when both the service requestor and provider possess their own key pairs, it can be considered as an asymmetric binding use case.
According to WS-Security policy specification (http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc161826560), the asymmetric binding assertion is used in scenarios in which message protection is provided by means in WSS:SOAP Message security using the asymmetric key (public key) technology.
In asymmetric binding, the sender derives a shared key and encrypts the message using the shared key. Then the sender encrypts the shared key using the public key of the recipient and signs the message using his...