I want to know when this assertion is to be considered .
The Require WS-Secure Conversation assertion allows you to require that request and response messages be secured using a secure conversation session. WS-SecureConversation works in conjunction with WS-Security, WS-Trust and WS-Policy.
I have included some links below detailing the specification.
Require WS-Secure Conversation Assertion - CA API Gateway - 9.1 - CA Technologies Documentation
Using WS-Trust and WS-SecureConversation
beat me to it lol...
Here's some info i was able to find,
High Level, that assertion requires that the inbound message has the portions of the request needed to be WS-Secure compliant, if not, it will fail.
The Require WS-Secure Conversation assertion allows you to require that request and response messages be secured using a secure conversation session. Specifically, messages must:
The Require WS-Secure Conversation assertion is a credential source that saves the user that owns the session for later authorization via the Authenticate User or Group Assertion. This assertion can be used in tandem with the Protect Against Message Replay, Sign Element, and Encrypt Element assertions.
Some more information about using WS-Secure Conversation on the Gateway:
Following a pattern similar to TLS, WS-SecureConversation establishes a kind of session key. The processing overhead for key establishment is reduced significantly when compared to WS-Security in the case of frequent message exchanges. However, a new layer is put on top of WS-Security, that implies other WS-* protocols like WS-Addressing and WS-Trust. So the importance of performance has to be compared to the added complexity and dependencies. See the performance section in WS-Security.
Thanks Doyle...So this assertion should be placed after some routing assertion?
Typically, you would want this to be at the top of the policy... its best to fail early if you know the message will eventually fail.
Thank you so much for your reply.As you said it is for securing request and response using a session.If possible for you can you please explain it with small practical example (policy).When WS-Secure conversation actually gets established?I am sorry for asking again and again.
The sample policy "WCF-passtru" uses this assertion. It available in the tread below. Consume WCF Service