Main policy and bootstrap policy settings
Use this page to specify how message security policies are applied to requests and enforced on responses, as defined by the main policy settings and the bootstrap policy settings. Assertions for Web Services Security (WS-Security) versions are already generated based on assertions in the policy set. If the policy set includes a Web Services Security Version 1.1 assertion, then Web Services Security Version 1.1, itself, is asserted.
To view this administrative console page, use one of the following steps:
- Click Services > Policy sets > Application policy sets > policy_set_name.
- Click the WS-Security policy in the Policies table.
- Click the Main policy link or the Bootstrap policy link.
Message level protection
Whether message level protection, using digital signatures and encryption, is required.
- Require signature confirmation
- Whether the signature confirmation is required. Select this check box to require a signature confirmation.
Message part protection
Whether message part protection, using digital signatures and encryption, is required.
- Request message part protection
- Click this link to define which request message parts we want protected and how that protection is provided.
- Response message part protection
- Click this link to define policies that specify which response message parts we want protected and how that protection is provided.
When the Message level protection check box is cleared, the link to Request message part protection is disabled, because the configuration information associated with message level security is removed when message level protection is cleared.
Key symmetry - Use symmetric tokens
Whether to use symmetric tokens. Select this radio button to use symmetric tokens. We can then configure symmetric tokens using the Symmetric signature and encryption policies link. Click this link to access the Symmetric signature and encryption policies panel where we can create the trust context in which to use symmetric tokens. Using the same token for signing and validating messages and encrypting and decrypting messages provides higher performance than can be achieved with asymmetric tokens. Use symmetric tokens within a trust context. If a custom Kerberos token type is used, you must select the Use symmetric tokens option.
Key symmetry - Use asymmetric tokens
Whether to use asymmetric tokens. Select this button to use asymmetric tokens. We can then configure asymmetric tokens using the Asymmetric signature and encryption policies link. Click this link to access the Asymmetric signature and encryption policies panel where we can create the trust context (message integrity and confidentiality) in which to use asymmetric tokens. Specify which token type to use for the initiator and recipient signature as well as the initiator and recipient encryption.
Include time stamp in security header
Whether to use a time stamp in the header. Select this check box to include a time stamp in the header. We can then specify where in the header to place the time stamp using the Security header layout radio buttons.
Security header layout
Layout rules for the security header.
We can use the following radio buttons for the security header layout:
- Strict: declarations must precede use
- The declarations in the header must precede the use.
- Layout (Lax): order of contents can vary
- The order of contents in the header can vary.
- Lax but timestamp required first in header
- The timestamp must be first in the header, but the order of the remaining elements can vary.
- Lax but timestamp required last in header
- The timestamp must be last in the header, but the order of the remaining elements can vary.
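The four layout rules above can be checked against a captured security header. The following is an added example, not code from the product or its documentation: the layout names Strict, Lax, LaxTsFirst and LaxTsLast are labels chosen here for the four radio buttons, the sample header is constructed, and the Strict check covers only the "declarations must precede use" rule stated on this page.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
TS_TAG = f"{{{WSU}}}Timestamp"
ID_ATTRS = (f"{{{WSU}}}Id", "Id")

# Constructed sample header: the signature comes first, the token it uses second, the timestamp last.
SAMPLE = f"""<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
  <ds:Signature>
    <ds:SignedInfo><ds:Reference URI="#ts-1"/><ds:Reference URI="#body-1"/></ds:SignedInfo>
    <ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#x509-1"/></wsse:SecurityTokenReference></ds:KeyInfo>
  </ds:Signature>
  <wsse:BinarySecurityToken wsu:Id="x509-1">constructed-placeholder</wsse:BinarySecurityToken>
  <wsu:Timestamp wsu:Id="ts-1"><wsu:Created>2024-01-01T00:00:00Z</wsu:Created></wsu:Timestamp>
</wsse:Security>"""


def check_layout(security_xml, layout):
    """Return the list of layout violations found in a wsse:Security header."""
    children = list(ET.fromstring(security_xml))
    problems = []
    ts_at = [i for i, c in enumerate(children) if c.tag == TS_TAG]
    if layout == "LaxTsFirst" and ts_at != [0]:
        problems.append("timestamp is not the first header element")
    if layout == "LaxTsLast" and ts_at != [len(children) - 1]:
        problems.append("timestamp is not the last header element")
    if layout == "Strict":
        # Record which top-level header child declares each Id.
        declared_at = {}
        for i, child in enumerate(children):
            for el in child.iter():
                for attr in ID_ATTRS:
                    if attr in el.attrib:
                        declared_at.setdefault(el.attrib[attr], i)
        # A same-document reference must point at an earlier (or the same) child.
        for i, child in enumerate(children):
            for el in child.iter():
                ref = el.attrib.get("URI", "")
                target = declared_at.get(ref[1:]) if ref.startswith("#") else None
                if target is not None and target > i:
                    problems.append(f"{ref} is used before it is declared")
    return problems


if __name__ == "__main__":
    for name in ("Strict", "Lax", "LaxTsFirst", "LaxTsLast"):
        print(name, check_layout(SAMPLE, name))
```

References to Ids that are not declared in the header, such as the signed SOAP body, are outside the scope of this ordering check and are skipped.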
Policy details
Specifies links for accessing the request token policies, response token policies, and algorithms for asymmetric tokens. Click these links to view token policies and canonicalization algorithms that are supported. Algorithms are used to reconcile XML differences.
Request token policies
Click this link to define policies that specify which types of supporting authentication tokens are used in the request and the properties of those token types.
Response token policies
Click this link to define policies that specify which types of supporting authentication tokens are used in the response and the properties of those token types.
Algorithms for symmetric or asymmetric tokens
Links to a view of available algorithms. Click this link to view the cryptographic and canonicalization algorithms that are supported. Algorithms are used to reconcile XML differences.
Subtopics
- Asymmetric signature and encryption policies settings
Use this page to create the trust context, message integrity and confidentiality, to use asymmetric tokens. We can create the trust context by specifying which token type to use for the initiator and recipient signature as well as the initiator and recipient encryption.
- Symmetric signature and encryption policies settings
Use this page to create the trust context to use symmetric tokens. Using the same token for signing and validating messages and encrypting and decrypting messages increases performance. Use symmetric tokens within a trust context.
- Algorithms settings
Use this page to view the supported cryptographic and canonicalization algorithms. Algorithms are used to reconcile XML differences.
- Message part protection settings
Use this page to define the message parts we want protected and how that protection is provided.
- Signed part settings
Use this page to define the elements of a signed part. Signed parts are used to protect message integrity and, in this case, the signed parts are being defined as part of the policy set process.
- Encrypted message part settings
Use this page to define the elements of an encrypted part of a message. Encrypted parts are used to protect message confidentiality, and in this case, the encrypted parts are being defined as part of the policy set process. A message part is a named set of one or more message elements.
Related tasks
Manage policy sets using the administrative console
- Asymmetric signature and encryption policies settings
- Symmetric signature and encryption policies settings
- Algorithms settings
- Request or Response token policies collection
- Message part protection settings
- Signed part settings
- Encrypted message part settings
- Application policy sets collection
- Application policy set settings
- WS-Security policy settings