Web services policy set bindings
A set of bindings is a named object associated with a specific policy set and service resource that is attached to the policy set.
Bindings contain environment and platform specific information, like the following types of information:
- Keys used for signature and encryption
- Keystore information
- Authentication information
- Persistent information
Typically, bindings are specific to the application or the platform, and they are not shared.
There are two types of bindings, application specific bindings and general bindings.
Application specific binding
Create application specific bindings only at a policy set attachment point. These bindings are specific to and defined by the characteristics of the policy. Application specific bindings are capable of providing configuration for advanced policy requirements, such as multiple signatures; however, these bindings are only reusable within an application. Furthermore, application specific bindings have limited reuse across policy sets.
When we create an application specific binding for a policy set attachment, the binding begins in a completely unconfigured state. We must add each policy, such as WS-Security or HTTP transport, to override the default binding and fully configure the bindings for each policy that we have added.
For WS-Security policy, some high level configuration attributes such as TokenConsumer, TokenGenerator, SigningInfo, or EncryptionInfo might be obtained from the default bindings if they are not configured in the application specific bindings.
For service providers, we can only create application specific bindings by selecting...
-
Assign Binding > New Application Specific Binding
...for service provider resources that have an attached policy set.
See service providers policy sets and bindings collection. Similarly, for service clients, we can only create application specific bindings by selecting Assign Binding > New Application Specific Binding for service client resources that have an attached policy set. See service client policy set and bindings collection.
General bindings
General bindings can be configured to be used across a range of policy sets and can be reused across applications and for trust service attachments. Although general bindings are highly reusable, they do not provide configuration for advanced policy requirements, such as multiple signatures. There are two types of general bindings:
- General provider policy set bindings
- General client policy set bindings
Create general policy set bindings by copying an existing binding or by creating a new one. For WS-Security bindings, copy an existing sample binding. Creating a new policy set binding from scratch for WS-Security can cause unexpected problems at run time.
To create general provider policy set bindings, in the administrative console, select Services > Policy sets > General provider policy set bindings > New or Copy. To create general client policy set bindings, select...
-
Services > Policy sets > General client policy set bindings > New or Copy
See Define and manage service client or provider bindings. General provider policy set bindings can also be used for trust service attachments.
After we make a copy of the provider or client sample bindings, customize only the settings of the new copy to suit your purposes. Do not remove anything from your binding copy, such as token generators, token consumers, sign parts, or encrypt parts. We can add things to your binding copy if needed, but deleting information can cause unanticipated errors at run time.
The sample general bindings that are shipped with the product are provider and client sample. Do not use these sample bindings in their current state in a production environment. However, if they were modified to contain non-sample data, we can use these sample bindings in a production environment.
We cannot assign a binding to a service provider resource that does not have a policy set or has an inherited attachment. To assign a binding to such a service provider resource, first attach a policy set to the resource. Also, we cannot assign a binding to a service client resource that does not have an effective policy configuration or has an inherited policy attachment. To assign a binding to such a service client resource, first attach a policy set or specify the use of the provider policy.
Related: