To specify the transform algorithm used for processing the WS-Security message.
This admin console panel applies only to JAX-RPC applications.
To view this admin console page for the cell level...
- Click Security > JAX-WS and JAX-RPC security runtime.
- Under JAX-RPC Default Generator Bindings or JAX-RPC Default Consumer Bindings, click Signing information > signing_information_name.
- Under Additional properties, click Part references > part_name.
- Under Additional properties, click Transforms.
- Click New to create a transform configuration or click the name of an existing configuration to modify its settings.
To view this admin console page for the server level...
- Click Applications > Application Types > WebSphere enterprise apps > application_name.
- Under Security, click JAX-WS and JAX-RPC security runtime.
In a mixed node cell with a server using Websphere Application Server version 6.1 or earlier, click Web services: Default bindings for WS-Security
- Under JAX-RPC Default Generator Bindings or JAX-RPC Default Consumer Bindings, click Signing information > signing_information_name.
- Under Additional properties, click Part references > part_name.
- Under Additional properties, click Transforms.
- Click New to create a transform configuration or click the name of an existing configuration to modify its settings.
To view this admin console page for the application level... This option is available for V6.x applications only.
- Click Applications > Application Types > WebSphere enterprise apps > application_name.
- Click Manage modules > URI_name.
- Under WS-Security Properties, we can access the transforms information for the following bindings:
- For the Request generator (sender) binding, click Web services: Client security bindings. Under Request generator (sender) binding, click Edit custom.
- For the Request consumer (receiver) binding, click Web services: Server security bindings. Under Request consumer (receiver) binding, click Edit custom.
- For the Response generator (sender) binding, click Web services: Server security bindings. Under Response generator (sender) binding, click Edit custom.
- For the Response consumer (receiver) binding, click Web services: Client security bindings. Under Request consumer (receiver) binding, click Edit custom.
- Under Required properties, click Signing information > signing_information_name.
- Under Additional properties, click Part references > part_name > Transforms.
- Click New to create a transform configuration or click the name of an existing configuration to modify its settings.
Specify a transform name and select a transform algorithm before specifying additional properties.
- Transform name
Name assigned to the transform algorithm.
- Transform algorithm
Algorithm URI of the transform algorithm.
This product supports the following algorithms:
- http://www.w3.org/2001/10/xml-exc-c14n#
- This algorithm specifies the World Wide Web Consortium (W3C) Exclusive Canonicalization recommendation.
- http://www.w3.org/TR/1999/REC-xpath-19991116
- This algorithm specifies the W3C XML path language recommendation. If we specify this algorithm, specify the property name and value by clicking Properties, which is displayed under Additional properties. For example, we might specify the following information:
- Property
- com.ibm.wsspi.wssecurity.dsig.XPathExpression
- Value
- not(ancestor-or-self::*[namespace-uri()='http://www.w3.org/2000/09/xmldsig#' and local-name()='Signature'])
Do not use this transform algorithm if we want the configured application to be compliant with the Basic Security Profile (BSP). Instead use http://www.w3.org/2002/06/xmldsig-filter2 to ensure compliance.
- http://www.w3.org/2002/06/xmldsig-filter2
- This algorithm specifies the XML-Signature XPath Filter V2.0 proposed recommendation.When you use this algorithm, specify a set of properties. Use multiple property sets for the XPath Filter V2. Therefore, IBM recommends that the property names end with the number of the property set, which is denoted by an asterisk in the following examples:
- To specify an XPath expression for the XPath filter2, we might use:
name com.ibm.wsspi.wssecurity.dsig.XPath2Expression_*- To specify a filter type for each XPath, we might use:
name com.ibm.wsspi.wssecurity.dsig.XPath2Filter_*Following this expression, we can have a value, [intersect], [subtract], or [union].- To specify the processing order for each XPath, we might use:
name com.ibm.wsspi.wssecurity.dsig.XPath2Order_*Following this expression, indicate the processing order of the XPath.
The following is a list of complete examples:
com.ibm.wsspi.wssecurity.dsig.XPath2Expression_2 = [XPath expression#1] com.ibm.wsspi.wssecurity.dsig.XPath2Filter_1 = [intersect] com.ibm.wsspi.wssecurity.dsig.XPath2Order_1 = [1] com.ibm.wsspi.wssecurity.dsig.XPath2Expression_2 = [XPath expression#2] com.ibm.wsspi.wssecurity.dsig.XPath2Filter_2 = [subtract] com.ibm.wsspi.wssecurity.dsig.XPath2Order_2 = [2]- http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform
- This algorithm specifies the enhancements to SOAP messaging that provide message integrity and confidentiality.
- http://www.w3.org/2002/07/decrypt#XML
- This algorithm specifies the W3C decryption transform for XML Signature recommendation.
- http://www.w3.org/2000/09/xmldsig#enveloped-signature
- This algorithm specifies the W3C recommendation for XML digital signatures.
Related concepts
Basic Security Profile compliance tips
Related tasks
Set the signing information using JAX-RPC for the generator binding on the application level
Related
Transforms collection