2.2.3.7 Message Framing Transport Security Policy Assertion

 <xs:schema 
            attributeFormDefault="unqualified" 
            elementFormDefault="qualified" 
            targetNamespace="http://schemas.microsoft.com/ws/2006/05/framing/policy" 
            xmlns:xs="http://www.w3.org/2001/XMLSchema">
   <xs:element name="SslTransportSecurity">
     <xs:complexType>
       <xs:sequence>
         <xs:element name="RequireClientCertificate" />
       </xs:sequence>
     </xs:complexType>
   </xs:element>
 </xs:schema>
  

The following describes the content model of the SslTransportSecurity element.

/msf:SslTransportSecurity: A Web service endpoint with the Message Framing Transport Security policy assertion MUST exchange messages using the .NET Message Framing Protocol [MC-NMF]. The preamble MUST include an upgrade request for "application/ssl-tls", as specified in [MC-NMF] section 2.2.3.5. The Web service endpoint MUST accept an upgrade request for "application/ssl-tls".

/msf:SslTransportSecurity/msf:RequireClientCertificate: A parameter that specifies that a client MUST provide a server-recognizable certificate, as specified in [RFC4346] section 7.4.6, during the initial SSL/TLS handshake described in [RFC4346] section 7.3.

The SslTransportSecurity element is nested inside the sp:TransportBinding/wsp:Policy/sp:TransportToken/wsp:Policy element of the TransportBinding Assertion, as specified in [WSSP1.2], to indicate that the SOAP message protection is provided by the Transport Layer Security Protocol [RFC4346].