Transforms configuration settings

Use this page to specify the transform algorithm that is used for processing the Web services security message.

To view this administrative console page for the cell level, complete the following steps:

1. Click Security > Web services.

2. Under Default generator bindings or Default consumer bindings, click Signing information > signing_information_name.

3. Under Additional properties, click Part references > part_name.

4. Under Additional properties, click Transforms.

5. Click New to create a transform configuration or click the name of an existing configuration to modify its settings.

To view this administrative console page for the server level, complete the following steps:

1. Click Application Servers > Servers > servername.

2. Under Security, click Web services: Default bindings for Web services security.

3. Under Default generator bindings or Default consumer bindings, click Signing information > signing_information_name.

4. Under Additional properties, click Part references > part_name.

5. Under Additional properties, click Transforms.

6. Click New to create a transform configuration or click the name of an existing configuration to modify its settings.

To view this administrative console page for the application level, complete the following steps. This option is available for version 6.x applications only.

1. Click Applications > Enterprise applications > appname.

2. Under Related items, click EJB modules or Web modules >URI_name.

3. Under Additional properties, one can access the transforms information for the following bindings:

   • For the Request generator (sender) binding, click Web services: Client security bindings. Under Request generator (sender) binding, click Edit custom.

   • For the Request consumer (receiver) binding, click Web services: Server security bindings. Under Request consumer (receiver) binding, click Edit custom.

   • For the Response generator (sender) binding, click Web services: Server security bindings. Under Response generator (sender) binding, click Edit custom.

   • For the Response consumer (receiver) binding, click Web services: Client security bindings. Under Request consumer (receiver) binding, click Edit custom.

4. Under Required properties, click Signing information > signing_information_name.

5. Under Additional properties, click Part references > part_name > Transforms.

6. Click New to create a transform configuration or click the name of an existing configuration to modify its settings.

You must specify a transform name and select a transform algorithm before specifying additional properties.

Transform name

Name that is assigned to the transform algorithm.

Transform algorithm

Specifies the algorithm Uniform Resource Identifier (URI) of the transform algorithm.

WebSphere Application Server supports the following algorithms:

http://www.w3.org/2001/10/xml-exc-c14n#

This algorithm specifies the World Wide Web Consortium (W3C) Exclusive Canonicalization recommendation.

http://www.w3.org/TR/1999/REC-xpath-19991116

This algorithm specifies the W3C XML path language recommendation. If you specify this algorithm, specify the property name and value by clicking Properties, which is displayed under Additional properties. For example, you might specify the following information:

Property

com.ibm.wsspi.wssecurity.dsig.XPathExpression

Value

not(ancestor-or-self::*[namespace-uri()='http://www.w3.org/2000/09/xmldsig#' and local-name()='Signature'])

http://www.w3.org/2002/06/xmldsig-filter2

This algorithm specifies the XML-Signature XPath Filter V2.0 proposed recommendation.

When you use this algorithm, specify a set of properties. Use multiple property sets for the XPath Filter V2. Therefore, it is recommended that your property names end with the number of the property set, which is denoted by an asterisk in the following examples:

• To specify an XPath expression for the XPath filter2, you might use:

  name com.ibm.wsspi.wssecurity.dsig.XPath2Expression_*

• To specify a filter type for each XPath, you might use:

  name com.ibm.wsspi.wssecurity.dsig.XPath2Filter_* Following this expression, one can have a value, [intersect], [subtract], or [union].

• To specify the processing order for each XPath, you might use:

  name com.ibm.wsspi.wssecurity.dsig.XPath2Order_* Following this expression, indicate the processing order of the XPath.

The following is a list of complete examples:

com.ibm.wsspi.wssecurity.dsig.XPath2Expression_2 = [XPath expression#1]
com.ibm.wsspi.wssecurity.dsig.XPath2Filter_1 = [intersect]
com.ibm.wsspi.wssecurity.dsig.XPath2Order_1 = [1]
com.ibm.wsspi.wssecurity.dsig.XPath2Expression_2 = [XPath expression#2]
com.ibm.wsspi.wssecurity.dsig.XPath2Filter_2 = [subtract]
com.ibm.wsspi.wssecurity.dsig.XPath2Order_2 = [2]

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform

http://www.w3.org/2002/07/decrypt#XML

This algorithm specifies the W3C decryption transform for XML Signature recommendation.

http://www.w3.org/2000/09/xmldsig#enveloped-signature

This algorithm specifies the W3C recommendation for XML digital signatures.

---

 

---