Security header |
- @S11:actor (for an intermediary)
- @S11:mustUnderstand
|
Security tokens |
- Username token (user name and password)
- Binary security token (X.509 and Lightweight Third Party Authentication (LTPA))
- Custom token
|
Token references |
- Direct reference
- Key identifier
- Key name
- Embedded reference
|
Signature algorithms |
- Digest
  - SHA1
    - http://www.w3.org/2000/09/xmldsig#sha1
- MAC
  - HMAC-SHA1
    - http://www.w3.org/2000/09/xmldsig#hmac-sha1
- Signature
  - DSA with SHA1
    - http://www.w3.org/2000/09/xmldsig#dsa-sha1
  - RSA with SHA1
    - http://www.w3.org/2000/09/xmldsig#rsa-sha1
- Canonicalization
  - Canonical XML (with comments)
    - http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
  - Canonical XML (without comments)
    - http://www.w3.org/TR/2001/REC-xml-c14n-20010315
  - Exclusive XML canonicalization (with comments)
    - http://www.w3.org/2001/10/xml-exc-c14n#WithComments
  - Exclusive XML canonicalization (without comments)
    - http://www.w3.org/2001/10/xml-exc-c14n#
- Transform
  - STR transform
    - http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform
  - XPath
    - http://www.w3.org/TR/1999/REC-xpath-19991116
  - Enveloped signature
    - http://www.w3.org/2000/09/xmldsig#enveloped-signature
  - XPath Filter2
    - http://www.w3.org/2002/06/xmldsig-filter2
  - Decryption transform
    - http://www.w3.org/2002/07/decrypt#XML
|
Signature signed parts |
|
Encryption algorithms |
- Block encryption
  - Triple DES in CBC: http://www.w3.org/2001/04/xmlenc#tripledes-cbc
  - AES128 in CBC: http://www.w3.org/2001/04/xmlenc#aes128-cbc
  - AES192 in CBC: http://www.w3.org/2001/04/xmlenc#aes192-cbc
    This algorithm requires the unrestricted JCE policy file. For more information, see the Key encryption algorithm description in the Encryption information configuration settings.
  - AES256 in CBC: http://www.w3.org/2001/04/xmlenc#aes256-cbc
    This algorithm requires the unrestricted JCE policy file. For more information, see the Key encryption algorithm description in the Encryption information configuration settings.
- Key transport
  - RSA Version 1.5: http://www.w3.org/2001/04/xmlenc#rsa-1_5
- Symmetric key wrap
  - Triple DES key wrap: http://www.w3.org/2001/04/xmlenc#kw-tripledes
  - AES key wrap (aes128): http://www.w3.org/2001/04/xmlenc#kw-aes128
  - AES key wrap (aes192): http://www.w3.org/2001/04/xmlenc#kw-aes192
    This algorithm requires the unrestricted JCE policy file. For more information, see the Key encryption algorithm description in the Encryption information configuration settings.
  - AES key wrap (aes256): http://www.w3.org/2001/04/xmlenc#kw-aes256
    This algorithm requires the unrestricted JCE policy file. For more information, see the Key encryption algorithm description in the Encryption information configuration settings.
- Manifests (xenc is the namespace prefix of http://www.w3.org/TR/xmlenc-core)
  - xenc:ReferenceList
  - xenc:EncryptedKey

Advanced Encryption Standard (AES) is designed to provide stronger security and better performance for symmetric key encryption than Triple DES. Therefore, it is recommended that you use AES, if possible, for symmetric key encryption.
|
Encryption message parts |
- WebSphere Application Server keywords
  - bodycontent, which is used to encrypt the SOAP body content
  - usernametoken, which is used to encrypt the username token
  - digestvalue, which is used to encrypt the digest value of the digital signature
- XPath expression to select the XML element in the SOAP message
  - XML elements
  - XML element contents
|
Time stamp |
- Within Web services security header
- WebSphere Application Server is extended to allow you to insert time stamps into other elements so that the age of those elements can be determined.
|
Error handling |
SOAP faults |