
Key information settings

Configure the key information for the selected policy set binding. Key information attributes define how cryptographic keys are generated or consumed.

We can configure the key information for the selected policy set binding when we are editing a default cell or server binding. We can also configure application specific bindings for tokens and message parts required by the policy set.

To view this administrative console page when we are editing a default cell binding:

  1. Click Services > Policy sets > General provider policy set bindings or General client policy set bindings.

  2. Click on a binding name in the Name column.

  3. Click the WS-Security policy in the Policies table.

  4. Click the Keys and certificates link in the Main message security policy bindings section.

  5. Click a key in the Name column of the Key information table.

To view this administrative console page when we are configuring application specific bindings for tokens and message parts that are required by the policy set:

  1. Click Applications > Application Types > WebSphere enterprise applications.

  2. Select an application containing web services. The application must contain a service provider or a service client.

  3. Click the Service provider policy sets and bindings link or the Service client policy sets and bindings in the Web Services Properties section.

  4. Select a binding. We must have previously attached a policy set and assigned an application specific binding.

  5. Click the WS-Security policy in the Policies table.

  6. Click the Keys and certificates link in the Main message security policy bindings section.

  7. Click a key in the Name column of the Key information table.

This administrative console page applies only to JAX-WS applications.


Name

Unique name for the key information configuration.

The key information name field displays the unique name of the key being configured if we are editing a key. If we are creating one, enter a unique name.


Type

Lists the type of key reference.

This field appears only if we selected an encryption or signing key for the generator binding, such as gen_signkeyinfo, gen_signsctkeyinfo, gen_encsctkeyinfo, or gen_enckeyinfo.

We can select one of the following key types from this list:

Key identifier

The associated attribute in the binding file is KEYID.

Security token reference

The associated attribute in the binding file is STRREF.

Embedded token

The associated attribute in the binding file is EMB.

X.509 issuer name and issuer serial

The associated attribute in the binding file is X509ISSUER.

Thumbprint

The associated attribute in the binding file is THUMBPRINT.

The Thumbprint key information type requires a keystore with the public and private key pair instead of a shared key.

Information Value
Data type: Selection list


Token generator or consumer name

Name of the token generator or consumer. Unique name for the token configuration.

The token generator or consumer name field displays the name of the pre-configured tokens that can be used in the key information configuration if we are editing a key or creating a new key.

We can select a token generator or consumer name from this list. The list of names changes, depending on whether the key information selected is for inbound (consumer) keys or outbound (generator) keys. For keys with outbound direction, the list of defined token generators is displayed. For keys with inbound direction, the list of defined token consumers is displayed.

Information Value
Data type: String


Direction

Specifies whether the direction of the key is inbound or outbound.

The direction of generator tokens is outbound, whereas the direction of consumer tokens and decryption keys is inbound.

Information Value
Data type: String
Default values: Inbound (for consumer bindings) or Outbound (for generator bindings)


Requires derived keys

Specifies whether the key information requires derived keys.

Explicit derived keys

Requires that derived keys be explicitly specified with a WS-SecureConversation <DerivedKeyToken> element.

Implicit derived keys

Requires that derived keys be implicitly specified with a WS-SecureConversation Nonce attribute on the WS-Security <SecurityTokenReference> element.


Override Defaults

Specifying derived key values overrides the derived key information that the runtime generates by default.

IBM recommends that we do not override the following optional attributes. Web Services Security automatically provides default values for each attribute. Overriding the default values might be required if the service is running cross-vendor, because vendors can use different attribute values for derived key generation.

Key length

Derived key length. If an override value is not specified, the default value is provided based on the algorithm suite policy assertion. IBM recommends that you leave this field empty so the default value can be used. Valid values for the key length range between 16 and 32.

Nonce length

Nonce length. A nonce is generated for each request, and included for derived key generation. This value is optional, and if an override value is not specified, a default value is used to generate the nonce. A valid value for the nonce length is any integer between 16 and 128.

Client label

Client label. The label is used in the P_SHA-1 function to generate the derived key. If unspecified, the default value used is WS-SecureConversation.

Service label

Service label. The label is used in the P_SHA-1 function to generate the derived key. If unspecified, the default value used is WS-SecureConversation.
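The derivation the four override fields feed into, as an added example that is not WebSphere's own code: a P_SHA-1 expansion seeded with the two labels and a per-request nonce, with the key length and nonce length overrides validated against the ranges given above. Assumptions: lengths are in bytes, the client and service labels are concatenated to form the label part of the seed, and the algorithm suite key length is passed in as a parameter (suite_key_length) because the policy assertion is not available here.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Defaults taken from the page: both labels default to "WS-SecureConversation".
DEFAULT_LABEL = "WS-SecureConversation"
KEY_LENGTH_RANGE = (16, 32)      # valid override range from the page (assumed to be bytes)
NONCE_LENGTH_RANGE = (16, 128)   # valid override range from the page (assumed to be bytes)


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA-1 expansion (TLS-style PRF): concatenate HMAC-SHA1(secret, A(i) + seed)
    for i = 1, 2, ... with A(0) = seed and A(i) = HMAC-SHA1(secret, A(i-1)), then truncate."""
    output = b""
    a = seed
    while len(output) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()
        output += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return output[:length]


def derive_key(secret: bytes, nonce: Optional[bytes] = None, key_length: Optional[int] = None,
               nonce_length: Optional[int] = None, client_label: str = DEFAULT_LABEL,
               service_label: str = DEFAULT_LABEL, suite_key_length: int = 16) -> Tuple[bytes, bytes]:
    """Return (derived_key, nonce). Unset overrides fall back to the defaults the page
    describes: key length from the algorithm suite (suite_key_length stands in for that
    policy value), a fresh random nonce, and the WS-SecureConversation labels."""
    if key_length is None:
        key_length = suite_key_length
    if not KEY_LENGTH_RANGE[0] <= key_length <= KEY_LENGTH_RANGE[1]:
        raise ValueError(f"key length {key_length} outside {KEY_LENGTH_RANGE}")
    if nonce is None:
        if nonce_length is None:
            nonce_length = 16          # assumed default when no override is set
        if not NONCE_LENGTH_RANGE[0] <= nonce_length <= NONCE_LENGTH_RANGE[1]:
            raise ValueError(f"nonce length {nonce_length} outside {NONCE_LENGTH_RANGE}")
        nonce = os.urandom(nonce_length)  # a fresh nonce per request, as the page requires
    # Assumption: client label + service label, followed by the nonce, forms the seed.
    seed = (client_label + service_label).encode("utf-8") + nonce
    return p_sha1(secret, seed, key_length), nonce


if __name__ == "__main__":
    shared_secret = b"constructed-demo-secret-not-a-real-key"  # constructed sample value
    key, nonce = derive_key(shared_secret, key_length=32)
    print(len(key), key.hex(), nonce.hex())
```

Because the same seed with a larger key length is only a longer prefix of the same P_SHA-1 stream, a mismatched key length override between two vendors shows up as a truncation difference rather than an unrelated key, which is the cross-vendor mismatch the note above warns about.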


Custom properties

Specifies additional configuration settings that token types might require.

Custom properties are arbitrary name-value pairs of data.

This table lists custom properties. Use custom properties to set internal system configuration properties. We are not required to define a custom property when defining a custom token.


Select

Specifies custom properties that we can add, edit, or delete from policy set bindings.

Click New to add and define a new custom property.

For existing custom properties, select the check box for the name of the custom property, and click one of the following actions:

Action Description
New Creates a new custom property entry. To add a custom property, enter the name and value.
Edit Enables us to edit the selected custom property. Click this option to display input fields and create the list of cell values to edit. At least one custom property must exist before the Edit option is displayed.
Delete Removes the selected custom property.

Information Value
Data type: Check box (unchecked)


Name

Name of the custom property that we can use with default policy set bindings.

Custom properties are arbitrary name-value pairs of data. Custom properties are not initially displayed in this column until at least one custom property has been added.

Information Value
Data type: String


Value

Custom property value.

This column displays the value for the custom property (for example, true). The value can be a string or the value can be a true or false Boolean value.

Information Value
Data type: String or Boolean
