Security Context Token
SOAP message senders can use security context tokens to sign and/or encrypt a series of SOAP messages, known as a secure conversation, between a SOAP message sender and the target Web service. As long as the security context token has not expired, the SOAP message sender can use the same security context token to sign and/or encrypt the SOAP messages sent to the target Web service. Also, security context tokens are based on a symmetric key, which makes them inherently more efficient at digitally signing or encrypting a SOAP message than an asymmetric key.
Security context tokens also have a benefit over other types of tokens in that they can be requested from a security token service by sending a SOAP message to a security token service. For information about setting up a security token service, see Establishing a Secure Conversation.
To establish a secure conversation, either set the EstablishSecurityContext attribute to true for a turnkey security assertion or use a custom policy assertion that supports secure conversations. For more information on the turnkey security assertions, see Turnkey Security Assertions. For more information about creating custom policy assertions that support secure conversations, see How to: Create a Custom Policy Assertion That Supports Secure Conversations.
See Also
Tasks
How to: Create a Custom Policy Assertion That Supports Secure Conversations