<wsdl:definitions
targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
xmlns:wstrust="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:wsp="http://www.w3.org/ns/ws-policy"
<wsdl:import location="ws-trust-1.4-service.wsdl" namespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"/>
<wsdl:binding name="x509_token_asymmetric_binding" type="wstrust:STS">
<wsp:PolicyReference URI="#x509_token_asymmetric_policy" />
<soap:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http" />
<wsdl:operation name="Issue">
<soap:operation
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
<wsdl:input>
<wsp:PolicyReference
URI="#signed_body_input_policy" />
<soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<wsp:PolicyReference
URI="#signed_body_output_policy" />
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="Validate">
<soap:operation
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
<wsdl:input>
<wsp:PolicyReference
URI="#signed_body_input_policy" />
<soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<wsp:PolicyReference
URI="#signed_body_output_policy" />
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="Cancel">
<soap:operation
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
<wsdl:input>
<wsp:PolicyReference
URI="#signed_body_input_policy" />
<soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<wsp:PolicyReference
URI="#signed_body_output_policy" />
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="Renew">
<soap:operation
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
<wsdl:input>
<wsp:PolicyReference
URI="#signed_body_input_policy" />
<soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<wsp:PolicyReference
URI="#signed_body_output_policy" />
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="KeyExchangeToken">
<soap:operation
<wsdl:input>
<wsp:PolicyReference
URI="#signed_body_input_policy" />
<soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<wsp:PolicyReference
URI="#signed_body_output_policy" />
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="RequestCollection">
<soap:operation
<wsdl:input>
<wsp:PolicyReference
URI="#signed_body_input_policy" />
<soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<wsp:PolicyReference
URI="#signed_body_output_policy" />
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<!-- 2.2.2 (WSS1.0) Mutual Authentication with X.509 Certificates, Sign, Encrypt -->
<wsp:Policy wsu:Id="x509_token_asymmetric_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding>
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:ProtectTokens/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
</wsp:Policy>
</sp:Wss10>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="signed_body_input_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedParts>
<sp:Body/>
</sp:SignedParts>
<!-- <sp:EncryptedParts>
<sp:Body/>
</sp:EncryptedParts> -->
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="signed_body_output_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedParts>
<sp:Body/>
</sp:SignedParts>
<!-- <sp:EncryptedParts>
<sp:Body/>
</sp:EncryptedParts> -->
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsdl:service name="sts_service">
<wsdl:port name="sts_service_port" binding="tns:x509_token_asymmetric_binding">
<soap:address location=""/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>