Defining and managing secure policy set bindings
Subtopics
- Configure the SSL transport policy
Customize policy sets to ensure message security by configuring the SSL transport policy.
- Transformation of policy and binding assertions for WSDL
Web Services Security does not fully support the OASIS WS-SecurityPolicy Version 1.2 standard. However, several of the policy and binding assertions supported by WebSphere Application Server can be transformed and represented as WS-SecurityPolicy Version 1.2 assertions. The supported assertions are transformed when a Web Services Description Language (WSDL) or Web Services Metadata Exchange (WS-MEX) request is received in a message, and also when the client receives a policy containing WS-SecurityPolicy 1.2 assertions.
- Secure message parts
If we are working with policy sets, then we can secure message parts using the administrative console. To secure message parts with WS-Security using policy sets, define the elements for the message parts to be protected in the WS-Security policy within a policy set.
- Signing and encrypting message parts using policy sets
With web services, we can sign message parts, encrypt message parts, or both, based on the quality of service defined for a policy set. We can accomplish these actions by defining the binding information in a custom attachment binding.
- Configure the callers for general and default bindings
The caller specifies the token or message part used for authentication.
- Changing the order of the callers for a token or message part
Specifying a caller in default and general bindings indicates which token or tokens to use to create authentication credentials. When there are multiple tokens on an incoming message, the order of the callers determines which token is used for the credentials. We can rearrange the order of the callers using the administrative console.
- Policy set bindings settings for WS-Security
View, define or configure general bindings and application specific properties for the WS-Security policy. We can configure the main policy or the secure conversation bootstrap policy by editing the general bindings.
- Inbound and outbound custom properties
Set additional properties for inbound and outbound messages. We can specify custom properties that apply to both inbound and outbound messages or custom properties that apply to inbound messages only or outbound messages only.
- Keys and certificates
Use this page to link to key and certificate binding configuration panels. This panel defines key and certificate bindings for JAX-WS web services only. These keys and certificates can be centrally managed by the product or in an external keystore.
- Key information settings
Configure the key information for the selected policy set binding. Key information attributes define how cryptographic keys are generated or consumed.
- Certificate store settings
Specify the location where certificates are stored. We can reference certificate revocation for service generators or consumers.
- Trust anchor settings
Specify the trust anchor configuration. These trust anchor certificates are used to validate the X.509 certificate that is embedded in the SOAP message.
- WS-Security authentication and protection
Configure authentication, protection, signature, and encryption information that the policy requires.
- WS-Security authentication and protection for general bindings
Configure authentication, protection, signature, and encryption information that the policy requires when using general bindings.
- WS-Security authentication and protection for application specific bindings
Configure authentication, signature, and encryption information that the policy requires when using application specific bindings.
- Protection token settings (generator or consumer)
Configure protection tokens. Protection tokens sign messages to protect integrity or encrypt messages to provide confidentiality.
- Authentication generator or consumer token settings
Authentication tokens are used to prove or assert an identity. Use the administrative console to add authentication token settings for message parts when we are editing a general binding.
- Callback handler settings for JAX-WS
Configure callback handler settings for JAX-WS, which determine how security tokens are acquired from message headers.
- Custom keystore settings
Configure custom keystore files. Custom keystore files are alternatives to the key management support built into WebSphere Application Server. The callback handler uses the custom version of the keystore configuration that includes keys.
- Caller settings
Configure the caller settings. The caller specifies the token or message part used for authentication.
- Caller collection
The caller specifies the token or message part to use for authentication. Use this administrative console page to access, view and configure the caller settings for message parts.
- Message expiration settings
Define settings for message expiration, if and when messages expire. When we specify message expiration, the message expires after the specified interval of time passes.
- Actor roles settings
Use this page to define settings for SOAP actor roles. The SOAP actor, also known as the SOAP role, defines the intermediary or ultimate recipient of a message.