Policy Sets and Policy Set Bindings editor: Message Part Policies panel

Use this panel, which is in the Policy Set Bindings section of the editor, to further configure any message part protection tokens defined in the associated policy set.

The panel has two tables: the first table is for tokens that are used to encrypt message parts. The second table is for tokens used to sign message parts.
The tables are prefilled, based on the following criteria:
  • Whether any message level protection tokens exist in the associated policy set.
  • Whether the type of the message level protection token is initiator or recipient.
  • Whether any message part protection tokens exist, and whether they define the message body, alias, Qname or XPath.
  • Whether the SOAP message type of the message part protection token is request or response.
  • Whether this policy set binding is defined as being a consumer or provider.
Each message part protection token that is added to one of the tables requires additional settings in either the Key information panel or the Kerberos Settings panel.

If you are using X.509 certificates, you must configure the IBM® Integration Bus runtime environment to refer to a keystore and truststore. You might also need to configure passwords for these stores, and specific key passwords. See Viewing and setting keystore and truststore runtime properties at integration node level for further information.

If you are using Kerberos tickets, you must provide client credentials for accessing the Kerberos Key Distribution Center (KDC). You can provide these credentials either through a Username and password token type in the message tree properties folder, or by using the mqsisetdbparms command. For more information, see Implementing WS-Security.


Column Name Description and valid options
Encryption Protection and Signature Protection Displays the names of any Message Part Protection tokens that require further configuration. The token name is displayed after either request: or response:, depending on the configuration of the token in the associated policy set.
Timestamp Either:
  • Yes
  • No
Nonce Either:
  • Yes
  • No
Encryption Either:
  • Data
  • Key
Token Click this column to see a list of all message level protection tokens. Select the token that is to be associated with the message part protection token.
Token Type Click this column to see a list of all token types. Token types can be specified for outbound policies and optionally for inbound policies. Select the appropriate token type from the list. Valid options are STRREF, KEYID, EMB, KEYNAME, and X509ISSUER.
Order Defines the order that response message part policies should be processed in. N/A is displayed where this column is not required for certain combinations of tokens.