System policy set collection
To create and manage policy sets, from the admin console, click Services > Policy sets > System policy sets.
A policy set is a named collection of policies. System policy sets, or assertions about how services are defined, are used to configure access to the trust service.
There are two main types of policy sets: application policy sets and system policy sets. Application policy sets are used for business-related assertions. These assertions are related to the business operations defined in the WSDL file. System policy sets, on the other hand, are used for non-business-related system messages. These messages are defined in other specifications which apply qualities of service (QoS). Examples of QoS are the request security token (RST) messages defined in WS-Trust, the create sequence messages defined in WS-Reliable Messaging, and the metadata exchange messages defined by WS-MetadataExchange.
Depending on the assigned security role when security is enabled, we might not have access to text entry fields or buttons to create or edit configuration data. Review the administrative roles documentation to learn more about the valid roles for the application server.
Select
Provides a check box next to the name of an existing system policy set to select for further actions.
To manage existing system policy sets, select the check box for a system policy set and then select one of the following actions:
- Delete: Removes one or more selected system policy sets.
- Copy: Opens a new panel where we can create a copy of the selected existing policy set. Provide a unique name and, optionally, a description for the copied policy set. We must also specify whether to transfer the attachment and binding from the original version to the copy. We can select only one policy set to be copied at one time.
- Import: Import a policy set. This is a menu item with the option of importing a policy set from a default repository or a selected location. We can select and import the default policy sets from the default repository. The default repository for the import function in the administrative console is the directory which contains the default policy sets. The administrative console also displays the default policy sets in a list which includes descriptions, to allow you to select the desired policy set to import.
- Export: Opens a new panel where we can export the selected policy set. We can select only one policy set to be exported at one time.
New
Use New to create and define a custom system policy set.
Name
Provides a list of available system policy sets.
This column displays a list of default and custom system policy set names. WebSphere Application Server provides several default system policy sets:
- TrustServiceSecurityDefault is a default trust policy set. This trust policy set specifies the asymmetric algorithm as well as the public and private keys to provide message security. Message integrity is provided by digitally signing the body, time stamp, and WS-Addressing headers using RSA. Message confidentiality is provided by encrypting the body and signature using RSA. This policy set follows the WS-Security specifications for the issue and renew trust operation requests.
- TrustServiceSymmetricDefault is a default trust policy set. This trust policy set specifies the symmetric algorithm as well as the derived key algorithms to provide message security. Message integrity is provided by digitally signing the body, time stamp, and WS-Addressing headers using HMAC-SHA1. Message confidentiality is provided by encrypting the body and signature using AES. This policy set follows the WS-Security and WS-SecureConversation specifications for the validate and cancel trust operation requests.
- SystemWSSecurityDefault is a default system policy set that specifies the asymmetric algorithm and both the public and private keys to provide message security. Message integrity is provided by digitally signing the body, time stamp, and WS-Addressing headers using RSA encryption. Message confidentiality is provided by encrypting the body and signature using RSA encryption.
All custom system policy sets are also displayed in the list. Click the system policy set name to view additional details about the selected policy set.
- Data type: String
- Defaults: TrustServiceSecurityDefault, TrustServiceSymmetricDefault or SystemWSSecurityDefault
Editable
Provides information as to whether the system policy set can be edited.
This column shows whether the policy set is a user-defined, custom policy set that can be edited or whether the policy set is a default policy set that is not editable. Values displayed in this field are: Editable or Not editable. We can change the properties for a default, not editable policy set by copying it, and then modifying the properties of the copy. See copying default policy set and bindings settings.
Important: Even though a policy set is identified as not editable, it is deletable. For example, we cannot edit information for the default system policy set, but we can delete the policy set.
- Data type: String
- Default: Not editable
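Because a default system policy set can be deleted even though it cannot be edited, it is worth checking that the three defaults are still present before copying one. The following is an added example, not part of the original documentation: it uses the wsadmin AdminTask policy set commands (listPolicySets, importPolicySet, copyPolicySet), which this page does not show, and the copy name CustomTrustSecurity is hypothetical.

```python
# Added example for a wsadmin Jython session; not IBM's own script.
# DEFAULTS are the names listed on this page.
DEFAULTS = ["TrustServiceSecurityDefault",
            "TrustServiceSymmetricDefault",
            "SystemWSSecurityDefault"]


def list_system_policy_sets(admin_task):
    """Return the names shown in the console's Name column."""
    out = admin_task.listPolicySets("[-policySetType system]")
    return [n.strip() for n in out.splitlines() if n.strip()]


def missing_defaults(admin_task):
    """Defaults are not editable but can be deleted; report any that are gone."""
    present = list_system_policy_sets(admin_task)
    return [d for d in DEFAULTS if d not in present]


def restore_defaults(admin_task):
    """Re-import each missing default from the default repository."""
    restored = missing_defaults(admin_task)
    for name in restored:
        admin_task.importPolicySet("[-defaultPolicySet %s]" % name)
    return restored


def editable_copy(admin_task, source, new_name, description):
    """Copy a default set so its properties can be changed on the copy."""
    if new_name in list_system_policy_sets(admin_task):
        raise ValueError("policy set name already in use: " + new_name)
    admin_task.copyPolicySet(
        '[-sourcePolicySet %s -newPolicySet %s -newDescription "%s" '
        '-transferAttachments false]' % (source, new_name, description))
    return new_name


# AdminTask and AdminConfig exist only inside wsadmin; elsewhere this is skipped.
if globals().get("AdminTask") is not None:
    print("restored defaults: %s" % restore_defaults(AdminTask))
    editable_copy(AdminTask, "TrustServiceSecurityDefault",
                  "CustomTrustSecurity",  # hypothetical name
                  "Editable copy of TrustServiceSecurityDefault")
    AdminConfig.save()
```

The copy is made with attachments not transferred, so the new policy set has no effect until it is attached deliberately.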
Description
Provides brief descriptions of the system policy sets that currently exist.
This column provides a brief description of the policy sets available. We cannot edit information for the default system policy sets. For custom policy sets that we create, we can create the description when we create the policy set. Or, we can edit any custom policy set and modify the description on the details panel at any time. The description field is optional.
Related topics:
- Configure system policy sets
- Define a new system policy set
- System policy set settings
- Administrative roles
- Copy of default policy set and bindings settings