Policy Sets and Policy Set Bindings editor: Message Level Protection panel
Use this panel, which is in the Policy Sets section of the editor, to apply signatures and encryption to the whole message, whether inbound or outbound.
Field | Description and valid options |
---|---|
Message level protection | Select this check box to specify that message level protection (using digital signatures or encryption) is required. If this check box is selected the other fields on this panel are available, and you can use the associated panels to define signature and encryption policies. This field is cleared by default. |
Require signature confirmation | Select this check box to require signature confirmation. |
Include timestamp in security header | Select this check box to include a time stamp in the header. You can specify where the time stamp is placed in the header by using Security header layout. |
Security header layout | Specify rules for the layout of the security header: |
Tokens
Use this panel to define symmetric and asymmetric tokens to be used for signature and encryption.
Associate the asymmetric tokens that you define here with parts of the message that require signature and encryption. The tokens are also associated with private keys or X.509 Public Key Certificates (PKCs), which are part of public/private key pairs. Define one token for each distinct private key and PKC. The administrator can create any number of asymmetric X.509 tokens.
Associate the symmetric tokens that you define here with parts of the message that require signature and encryption. Only symmetric Kerberos tokens are supported. The administrator can create any number of Kerberos tokens.
You can edit this panel only if the Message level protection check box is selected on the Message Level Protection panel.
Field Name | Description and valid options |
---|---|
Token Name | Enter a name for the token. |
Token Type | Either: When you add a new row, this field defaults to Initiator. You can change this value. |
WS-Security Version | Either: |
Token Type (Asymmetric) | Any of: |
Token Type (Symmetric) | Any of: |
Algorithms
Use this panel to set the supported cryptographic and canonicalization algorithms. Algorithms are used to reconcile XML differences.
You can edit this panel only if Message level protection is selected on the Message Level Protection panel.
Field Name | Description and valid options |
---|---|
Algorithm suite | Select the algorithm that is required for performing cryptographic operations with symmetric or asymmetric key-based security tokens. All of the algorithm values in this field specify an algorithm suite. Algorithm suites and the values they each represent are detailed in the Web Services Security Policy Language (WS-SecurityPolicy) July 2005 Version 1.1 specification. The default algorithm is Basic128Rsa15. |
Canonicalization algorithm | Select the type of canonicalization. The following supported canonicalization algorithms are available in this list: |
Use security token reference transformation | Select this check box to specify that the security token reference is transformed. The default state is cleared. |
Algorithm suite | Digest | Encryption | Symmetric Key Wrap | Asymmetric Key Wrap | Encryption key derivation | Signature key derivation | Minimum symmetric key length |
---|---|---|---|---|---|---|---|
Basic256 | Sha1 | Aes256 | KwAes256 | KwRsaOaep | PSha1L256 | PSha1L192 | 256 |
Basic192 | Sha1 | Aes192 | KwAes192 | KwRsaOaep | PSha1L192 | PSha1L192 | 192 |
Basic128 | Sha1 | Aes128 | KwAes128 | KwRsaOaep | PSha1L128 | PSha1L128 | 128 |
TripleDes | Sha1 | TripleDes | KwTripleDes | KwRsaOaep | PSha1L192 | PSha1L192 | 192 |
Basic256Rsa15 | Sha1 | Aes256 | KwAes256 | KwRsa15 | PSha1L256 | PSha1L192 | 256 |
Basic192Rsa15 | Sha1 | Aes192 | KwAes192 | KwRsa15 | PSha1L192 | PSha1L192 | 192 |
Basic128Rsa15 | Sha1 | Aes128 | KwAes128 | KwRsa15 | PSha1L128 | PSha1L128 | 128 |
TripleDesRsa15 | Sha1 | TripleDes | KwTripleDes | KwRsa15 | PSha1L192 | PSha1L192 | 192 |
Basic256Sha256 | Sha256 | Aes256 | KwAes256 | KwRsaOaep | PSha1L256 | PSha1L192 | 256 |
Basic192Sha256 | Sha256 | Aes192 | KwAes192 | KwRsaOaep | PSha1L192 | PSha1L192 | 192 |
Basic128Sha256 | Sha256 | Aes128 | KwAes128 | KwRsaOaep | PSha1L128 | PSha1L128 | 128 |
TripleDesSha256 | Sha256 | TripleDes | KwTripleDes | KwRsaOaep | PSha1L192 | PSha1L192 | 192 |
Basic256Sha256Rsa15 | Sha256 | Aes256 | KwAes256 | KwRsa15 | PSha1L256 | PSha1L192 | 256 |
Basic192Sha256Rsa15 | Sha256 | Aes192 | KwAes192 | KwRsa15 | PSha1L192 | PSha1L192 | 192 |
Basic128Sha256Rsa15 | Sha256 | Aes128 | KwAes128 | KwRsa15 | PSha1L128 | PSha1L128 | 128 |
TripleDesSha256Rsa15 | Sha256 | TripleDes | KwTripleDes | KwRsa15 | PSha1L192 | PSha1L192 | 192 |
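
The suite names in the table above encode their own contents: a base cipher, an optional Sha256 digest, and an optional Rsa15 key wrap. The following added example (not part of the product documentation) expands a suite name into its table row and reports which of its primitives a policy review would typically mark for migration; the `LEGACY` set and the function names are the example's own assumptions, not product settings.

```python
import re

# Per-base-cipher columns, copied from the table above:
# (encryption, symmetric key wrap, encryption key derivation,
#  signature key derivation, minimum symmetric key length)
_BASE = {
    "Basic256": ("Aes256", "KwAes256", "PSha1L256", "PSha1L192", 256),
    "Basic192": ("Aes192", "KwAes192", "PSha1L192", "PSha1L192", 192),
    "Basic128": ("Aes128", "KwAes128", "PSha1L128", "PSha1L128", 128),
    "TripleDes": ("TripleDes", "KwTripleDes", "PSha1L192", "PSha1L192", 192),
}
# Name grammar: base, then optional "Sha256", then optional "Rsa15".
_NAME = re.compile(r"^(Basic(?:256|192|128)|TripleDes)(Sha256)?(Rsa15)?$")

# Assumption of this example (not stated on the page): primitives that a
# reviewer flags as legacy when auditing a policy set.
LEGACY = {
    "Sha1": "SHA-1 digest",
    "TripleDes": "Triple DES (64-bit block cipher)",
    "KwTripleDes": "Triple DES key wrap",
    "KwRsa15": "RSA PKCS#1 v1.5 key transport",
}

def expand_suite(name):
    """Rebuild the table row for an algorithm suite name."""
    m = _NAME.match(name)
    if not m:
        raise ValueError(f"unknown algorithm suite: {name!r}")
    base, sha256, rsa15 = m.groups()
    enc, sym_wrap, enc_kd, sig_kd, min_len = _BASE[base]
    return {
        "digest": "Sha256" if sha256 else "Sha1",
        "encryption": enc,
        "symmetric_key_wrap": sym_wrap,
        "asymmetric_key_wrap": "KwRsa15" if rsa15 else "KwRsaOaep",
        "encryption_key_derivation": enc_kd,
        "signature_key_derivation": sig_kd,
        "min_symmetric_key_length": min_len,
    }

def audit_suite(name):
    """Return sorted (field, value, reason) findings for legacy primitives."""
    row = expand_suite(name)
    return sorted((f, v, LEGACY[v]) for f, v in row.items() if v in LEGACY)

if __name__ == "__main__":
    for field, value, reason in audit_suite("Basic128Rsa15"):  # the default
        print(f"{field}: {value} ({reason})")
```

For the default suite, Basic128Rsa15, the audit reports the Sha1 digest and the KwRsa15 key wrap; Basic256Sha256 produces no findings under this example's `LEGACY` set.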