Network Deployment (Distributed operating systems), v8.0 > Reference > Sets
Inbound WS-Security configuration [Settings]
WS-Security configuration for an inbound request. This defines WS-Security requirements for the request consumed from the client and the response generated. The objects created may be applied to one or more inbound ports.
Service integration -> Web services -> WS-Security configurations -> v1-inbound-config_name .
We can configure the service integration bus for secure transmission of SOAP messages by using tokens, keys, signatures and encryption in accordance with the Web Services Security (WS-Security) 1.0 specification.
Alternatively, you can configure the bus in accordance with the previous WS-Security specification, WS-Security Draft 13 (also known as the Web Services Security Core Specification). However, use of the WS-Security Draft 13 specification is deprecated, and you should only use it to allow continued use of an existing web services client application that has been written to the WS-Security Draft 13 specification.
You use an inbound configuration to secure the SOAP messages that pass between a service requester (client) and an inbound service (which acts as a target web service). The configuration specifies the level of security that you require (for example "The body must be signed"). This level of security is then implemented through the run-time information contained in the following types of WS-Security binding:
For WS-Security v1.0:
- request consumer, for use when consuming requests from a client to an inbound service.
- response generator, for use when generating responses from an inbound service to a client.
For WS-Security Draft 13:
- request receiver, for use when receiving requests from a client to an inbound service.
- response sender, for use when sending responses from an inbound service to a client.
WS-Security configurations are administered independently from any web service that uses them, so you can create an inbound configuration then apply it to many inbound services.
Configuration tab
These property values are preserved even if the runtime environment is stopped then restarted.
General Properties
WS-Security version
Identifies the version of the WS-Security specification this configuration uses.
Required No Data type String
Service type
The type of service the WS-Security configuration applies to.
Required No Data type String
Name
The name of the inbound WS-Security configuration.
This name must be unique across both WS-Security v1.0 and Draft 13 Inbound configurations, and it must obey the following syntax rules:
- It must not start with "." (a period).
- It must not start or end with a space.
- It must not contain any of the following characters: \ / , # $ @ : ; " * ? < > | = + & % '
Required Yes Data type String
Actor URI
WS-Security headers within the consumed request message will only be processed if they have the specified Actor URI.
Required No Data type String
Request consumer
Required integrity
Integrity constraints consumed messages must meet. This includes specifying which message parts within the incoming message must be digitally signed, and the message parts to which attached digitally signed Nonce and time stamp elements are expected.
Required confidentiality
Confidentiality constraints consumed messages must meet. This includes specifying which message parts within the incoming message must be encrypted, and the message parts to which attached encrypted Nonce and time stamp elements are expected.
Required security token
Specifies accepted stand-alone security tokens within a consumed message. Stand-alone security tokens are those not already used for signature or encryption. Defining a required security token means that messages containing a token of that type will be processed according to the usage assertion. The security token will not be used for authentication unless it is also specified within a caller.
Caller
Security token, signed part or encrypted part used for authentication. If a signed or encrypted part is used, the value of the part attribute must be the name of a defined required integrity or required confidentiality constraint. If a stand-alone security token is used for authentication, then the URI and local name attributes must define the type of security token used for authentication.
Add time stamp
When add time stamp is specified for a consumer, a time stamp is added indicating when the message was consumed. For a generator, a time stamp is added indicating when the message was generated.
Properties
General properties for the inbound WS-Security configuration.
Response generator
Actor
Defines the Actor URI to be included in WS-Security headers of generated response.
Integrity
Integrity constraints applied to generated messages. This includes specifying which message parts within the generated message must be digitally signed, and the message parts to attach digitally signed Nonce and time stamp elements to.
Confidentiality
Confidentiality constraints applied to generated messages. This includes specifying which message parts within the generated message must be encrypted, and the message parts to attach encrypted Nonce and time stamp elements to.
Security Token
Specifies stand-alone security tokens to insert into the generated message. Stand-alone security tokens are those not already used for signature or encryption. Standard and custom security tokens may be defined by URI and local name.
Add time stamp
When add time stamp is specified for a consumer, a time stamp is added indicating when the message was consumed. For a generator, a time stamp is added indicating when the message was generated.
Properties
General properties for the inbound WS-Security configuration.
Administrative console buttons
Administrative console preferences