WAS v8.5 > Reference > Sets

Signed or Encrypted message part settings page

Use this page to configure or create new signed or encrypted message parts. Message part bindings define how the part (which is defined in a policy set) is handled.

You can configure or create new signed or encrypted message parts when editing a default cell or server binding. You can also configure application-specific bindings for tokens and message parts required by the policy set.

To view this dmgr console page when editing a default cell binding:

  1. Click Services > Policy sets > Default policy set bindings.

  2. Click the WS-Security policy in the Policies table.

  3. Click the Authentication and protection link in the Main message security policy bindings section.

  4. Select a signature or an encrypted message part in the Request message signature and encryption protection section or the Response message signature and encryption protection section.

To view this dmgr console page when you are configuring application-specific bindings for tokens and message parts required by the policy set:

  1. Click Applications > Application Types > WebSphere enterprise applications.

  2. Select an application containing web services. The application must contain a service provider or a service client.

  3. Click the Service provider policy sets and bindings link or the Service client policy sets and bindings link in the Web Services Properties section.

  4. Select a binding. You must have previously attached a policy set and assigned an application-specific binding.

  5. Click the WS-Security policy in the Policies table.

  6. Click the Authentication and protection link in the Main message security policy bindings section.

  7. Select a signature or an encrypted message part in the Request message signature and encryption protection section or the Response message signature and encryption protection section.

This dmgr console page applies only to JAX-WS applications.


Name

Name of the message part reference. The name field displays the name of the part reference you are editing, or you can enter a name if you are creating a message part reference.


Include time stamp

This check box is available on this panel if you are configuring encryption protection and it specifies whether to include a time stamp. Select this check box to indicate that a time stamp is included or leave it unchecked to indicate the time stamp is not included with the part reference.

For default bindings, to specify if a time stamp is included for signature protection, click the Signed part reference default link under the Additional bindings section.

For application-specific bindings, to specify if a time stamp is included for signature protection, highlight an assigned signature message part reference and click Edit. The time stamp check box is located in the Reference section.


Include nonce

This check box is available on this panel if you are configuring encryption protection and it specifies whether to include a nonce. Select this check box to indicate that a nonce is to be used or leave it unchecked to indicate that a nonce is not to be included with this part reference.

For default bindings, to specify if a nonce is included for signature protection, click the Signed part reference default link under the Additional bindings section.

For application-specific bindings, to specify if a nonce is included for signature protection, highlight an assigned signature message part reference and click Edit. The nonce check box is located in the Reference section.


Usage of key information reference

This field is available on this panel if you are configuring encryption protection. It specifies whether the encryption key information is data encryption key information or key encryption key information. Select Data encryption for symmetric algorithms and Key encryption for asymmetric algorithms.

Click one of the following radio buttons:

Data encryption

Indicates the key information is used for data encryption.

Key encryption

Indicates the key information is key encryption key information.


Key information (Request)

If you are configuring a request message signature or encryption protection, this field specifies the key information for a token request message part. This section provides interactive fields to assign the key information.

The Available field contains a listing of available key information entries for the message part. The Assigned field contains a listing of one or more of the key information entries assigned to the message part. Use the following actions to work with multiple request message part key information entries:

Button    Resulting action
Add       Add the selected key information entry in the Available list to the Assigned list.
New       Create a new key information entry.
Remove    Remove the selected key information entry from the Assigned list.


Key information (Response)

If you are configuring a response message signature or a response encryption protection, this field specifies the key information for a token response message part. This field provides a menu used to assign the key information. You can assign only one key information entry for response message parts. The New button enables you to add a new key information entry to the menu for selection.


Custom properties – Name

Name of the custom property to be used.

Custom properties are not initially displayed in this column. The following actions are available:

Button    Resulting action
New       Creates a new custom property entry. To add a custom property, enter the name and value.
Edit      Specifies that you can edit the selected custom property. Select this action to provide input fields and create the listing of cell values for editing. The Edit button is not available until at least one custom property has been added.
Delete    Removes the selected custom property.


Custom properties – Value

Value of the custom property to be used. With the Value entry field, you can edit, enter or delete the value for a custom property.


Additional bindings – Signed part reference default

If you are configuring signature protection, this section is displayed on this panel. It links to a panel where you can configure part reference properties, such as whether to include a time stamp or nonce, and the transform algorithms used to protect the message part.


Signature method

Signature method is optional. The default signature methods are:

WS-Security can be configured to support stronger SHA-2 signature methods. For more information about SHA-2 signature methods, read about Web services security custom properties.
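
A receiver-side check related to the signature method and signed-part settings above, as an added example (not IBM's code and not from this page): it reads the WS-Security header of a SOAP message and reports whether the signature and digest algorithms are SHA-1 or SHA-2 and which wsu:Id-tagged parts the signature covers. The sample message is constructed in a generic WS-Security layout with hypothetical ids (`ts-1`, `body-1`); it is not WebSphere output, and the function names are assumptions.

```python
import xml.etree.ElementTree as ET  # for untrusted captures, parse with defusedxml instead

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def hash_family(uri):
    """Classify an XML Signature algorithm URI by the hash named in its fragment."""
    name = (uri or "").rsplit("#", 1)[-1].lower()
    if name.endswith("sha1"):
        return "sha1"
    return "sha2" if name.endswith(("sha256", "sha384", "sha512")) else "unknown"

def audit_signature(soap_xml):
    """Report signature/digest hash families and which wsu:Id parts are signed."""
    root = ET.fromstring(soap_xml)
    info = root.find("soap:Header/wsse:Security/ds:Signature/ds:SignedInfo", NS)
    if info is None:
        return {"signed": False}
    # Map every wsu:Id in the message to the local name of the element carrying it.
    by_id = {el.get("{%s}Id" % WSU): el.tag.rsplit("}", 1)[-1]
             for el in root.iter() if el.get("{%s}Id" % WSU)}
    method = info.find("ds:SignatureMethod", NS)
    covered, digests = [], set()
    for ref in info.findall("ds:Reference", NS):
        target = ref.get("URI", "").lstrip("#")
        covered.append(by_id.get(target, "unresolved:" + target))
        dm = ref.find("ds:DigestMethod", NS)
        digests.add(hash_family(dm.get("Algorithm") if dm is not None else ""))
    return {"signed": True,
            "signature_hash": hash_family(method.get("Algorithm") if method is not None else ""),
            "digest_hashes": sorted(digests),
            "covered_parts": covered,
            "timestamp_signed": "Timestamp" in covered}

# Constructed sample: SHA-1 signature over the Body only; the Timestamp is unsigned.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <soap:Header><wsse:Security>
  <wsu:Timestamp wsu:Id="ts-1"><wsu:Created>2024-01-01T00:00:00Z</wsu:Created></wsu:Timestamp>
  <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <ds:Reference URI="#body-1">
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
   </ds:Reference>
  </ds:SignedInfo></ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="body-1"><ping/></soap:Body>
</soap:Envelope>"""
```

The check reads algorithm identifiers and reference targets only; it does not verify the signature value.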


Reference:

Web services security custom properties


Related


Define and managing policy set bindings
Manage policy sets


Reference:

Policy set bindings settings

