In EPractice Lab, a question "Which of the following WS-Security token profiles are supported in Metro?"
A. X509 token profile
B. Kerberos token profile
C. SAML token profile
D. SOAP with Attachments (SwA) profile
E. Right Expression Language REL token profile
The given answer is A, B, C,D.
The explanation from EPractice Lab:
The metro web service stack delivers secure, reliable, transactional interoperability between Java EE and .NET 3.0 to help you build, deploy and maintain composite applications for your service oriented architecture. Metro provides ease of development features, support for W3C and WS-I standards such as SOAP and WSDL, asynchronous client and server, and data binding through JAXB 2.0.
REF token profile is not covered in the project.
But why E is not supported in Metro?
The WS Security REL toke profile document says in this introduction session:
The Web Services Security: SOAP Message Security [WS-Security] specification proposes a
standard set of SOAP extensions that can be used when building secure Web services to
implement message level integrity and confidentiality. This specification describes the use of SO/IEC 21000-5 Rights Expressions with respect to
the WS-Security specification