Supported functionality from OASIS specifications


 

WAS supports these OASIS WS-Security V1.0 specifications.

In WAS V6.1 Feature Pack for Web Services, and later, support for the OASIS standards has been updated to WS-Security V1.1...

The following standards are supported only in WAS V7.0.

WS-SecurityPolicy support is only available for WS-MetadataExchange scenarios where the assertions are embedded in the WSDL file.

In 2007, the OASIS Web Services Secure Exchange Technical Committee (WS-SX) produced and approved the following specifications. Portions of these specifications are supported by WAS V7.

 

OASIS: WS-Security SOAP Message Security 1.0 and 1.1

The following table shows the aspects of the OASIS: WS-Security: SOAP Message Security 1.0 and 1.1 specifications that are supported in WAS Versions 6 and later.

Supported topic | Specific aspect that is supported
Security header

  • @S11:actor (for an intermediary)
  • @S11:mustUnderstand
  • @S12:mustUnderstand
  • @S12:role

S12 is the namespace prefix for http://www.w3.org/2003/05/soap-envelope when using SOAP V1.2.

Security tokens

WAS does not provide an XML token implementation, but we can use an XML token with a plug-in point.

Token references

  • Direct reference
  • Key identifier
  • Key name
  • Embedded reference
Signature | Signature confirmation
Signature algorithms

 

Aspects of the OASIS WS-Trust V1.3 standard that are unsupported in WAS

Unsupported topic | Specific aspect not supported
Elements and attributes

/wst:RequestSecurityToken/wst:Entropy/wst:BinarySecret/@Type

Unsupported request options:

  • For...

    http://docs.oasis-open.org/ws-sx/ws-trust/200512/AsymmetricKey
    http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey

    • /wst:RequestSecurityToken/wst:Claims
    • /wst:RequestSecurityToken/wst:AllowPostdating
    • /wst:RequestSecurityToken/wst:OnBehalfOf
    • /wst:RequestSecurityToken/wst:AuthenticationType
    • /wst:RequestSecurityToken/wst:KeyType

  • For...

    • /wst:RequestSecurityToken/wst:SignatureAlgorithm
    • /wst:RequestSecurityToken/wst:EncryptionAlgorithm
    • /wst:RequestSecurityToken/wst:CanonicalizationAlgorithm
    • /wst:RequestSecurityToken/wst:ComputedKeyAlgorithm
    • /wst:RequestSecurityToken/wst:Encryption
    • /wst:RequestSecurityToken/wst:ProofEncryption
    • /wst:RequestSecurityToken/wst:UseKey
    • /wst:RequestSecurityToken/wst:UseKey/@Sig
    • /wst:RequestSecurityToken/wst:SignWith
    • /wst:RequestSecurityToken/wst:EncryptWith
    • /wst:RequestSecurityToken/wst:DelegateTo
    • /wst:RequestSecurityToken/wst:Forwardable
    • /wst:RequestSecurityToken/wst:Delegatable
    • /wst:RequestSecurityToken/wsp:Policy
    • /wst:RequestSecurityToken/wsp:PolicyReference
Response header

/wsa:Action

Unsupported Responses:

  • http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Issue
  • http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Renew
  • http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Cancel
  • http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Validate





 
