I am hoping somebody here can help me. I have spent several days trying to figure out how to create a WS-Policy that does the following:
1. Mutual authentication using X.509 certificates, and symmetric session keys generated and encrypted by the client and sent to the server during an initial "handshake".
2. Set up WS-SecureConversation to use a symmetric encryption algorithm and message authentication code to protect future messages.
3. Time out the session keys after a while so that the handshake has to be repeated.
Essentially, I am trying to get SSL-like security at the message level without having to use asymmetric algorithms to protect each message (which will cause a huge performance hit).
Unfortunately, all the tutorials I have seen seem to either deal with asymmetric algorithms only, or are outdated and do not work with current frameworks.
Can you point me to a sample WS-Policy that does the above? Thanks in advance!