Define and manage secure policy set bindings
Subtopics
- Configure the SSL transport policy
When working with policy sets in the administrative console, we can customize policies to ensure message security by configuring the SSL transport policy.
- (dist)(zos) Configure SCA web service binding for transport layer authentication
Use this task to configure a web service binding to perform transport-layer HTTP basic authentication.
- Transformation of policy and binding assertions for WSDL
Web Services Security does not fully support the OASIS WS-SecurityPolicy Version 1.2 standard. However, several of the policy and binding assertions supported by WAS can be transformed and represented as WS-SecurityPolicy Version 1.2 assertions. The supported assertions are transformed when a Web Services Description Language (WSDL) or Web Services Metadata Exchange (WS-MEX) request is received in a message, and also when the client receives a policy containing WS-SecurityPolicy 1.2 assertions.
- Secure message parts using the administrative console
If we are working with policy sets, then we can secure message parts using the administrative console. To secure message parts with WS-Security using policy sets, define the elements for the message parts to be protected in the WS-Security policy within a policy set.
- Signing and encrypting message parts using policy sets
With web services, we can sign message parts, encrypt message parts, or both, based on the quality of service defined for a policy set. We can accomplish these actions by defining the binding information in a custom attachment binding.
- Configure the callers for general and default bindings
The caller specifies the token or message part used for authentication.
- Change the order of the callers for a token or message part
Specifying a caller in default and general bindings indicates which token or tokens to use to create authentication credentials. When there are multiple tokens on an incoming message, the order of the callers determines which token is used for the credentials. We can rearrange the order of the callers using the administrative console.
- (dist)(zos) Configure SCA web service binding to use SSL
Use this task to specify abstract intents in the Service Component Architecture (SCA) composite file to achieve a quality of service for secure connection using SSL.
- (dist)(zos) Configure web service binding for LTPA authentication
Use this task to configure a web service binding to perform authentication using LTPA tokens.
- Policy set bindings settings for WS-Security
Use this page to view, define or configure general bindings and application specific properties for the WS-Security policy. We can configure the main policy or the secure conversation bootstrap policy by editing the general bindings.
- Keys and certificates
Use this page to link to key and certificate binding configuration panels. This panel defines key and certificate bindings for JAX-WS web services only. These keys and certificates can be centrally managed by the product or in an external keystore.
- WS-Security authentication and protection
Use the links on this page to configure authentication, protection, signature, and encryption information that the policy requires.
- Caller settings
Use this page to configure the caller settings. The caller specifies the token or message part used for authentication.
- Caller collection
The caller specifies the token or message part to use for authentication. Use this administrative console page to access, view and configure the caller settings for message parts.
- Message expiration settings
Use this page to define settings for message expiration: whether and when messages expire. When message expiration is specified, the message expires after the specified interval of time passes.
- Actor roles settings
Use this page to define settings for SOAP actor roles. The SOAP actor, also known as the SOAP role, defines the intermediary or ultimate recipient of a message.