Scenario 12: Secure conversation - Sign only - Service as STS - Bootstrap policy - Sign and encrypt, anonymous clients

In this scenario we also have a security context between the client and the service, but the client doesn't have a X.509 certificate, so the context is established using a symmetric key.

All the communication in the security context is signed using the keys from the security context:

Get WSO2 Developer’s Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.