Inbound WS-Security configuration [Settings]

WS-Security configuration for an inbound request. This defines WS-Security requirements for the request consumed from the client and the response generated. The objects created may be applied to one or more inbound ports.

To view this page in the console, click the following path:

Service integration -> Web services -> WS-Security configurations -> v1-inbound-config_name.

You can configure the service integration bus for secure transmission of SOAP messages by using tokens, keys, signatures and encryption in accordance with the Web Services Security (WS-Security) 1.0 specification.

Alternatively, you can configure the bus in accordance with the previous WS-Security specification, WS-Security Draft 13 (also known as the Web Services Security Core Specification). However, use of the WS-Security Draft 13 specification is deprecated, and you should only use it to allow continued use of an existing web services client application that has been written to the WS-Security Draft 13 specification.

You use an inbound configuration to secure the SOAP messages that pass between a service requester (client) and an inbound service (which acts as a target web service). The configuration specifies the level of security that you require (for example "The body must be signed"). This level of security is then implemented through the run-time information contained in the following types of WS-Security binding:

For WS-Security Version 1.0:

  • request consumer, for use when consuming requests from a client to an inbound service.
  • response generator, for use when generating responses from an inbound service to a client.

For WS-Security Draft 13:

  • request receiver, for use when receiving requests from a client to an inbound service.
  • response sender, for use when sending responses from an inbound service to a client.

WS-Security configurations are administered independently from any web service that uses them, so you can create an inbound configuration then apply it to many inbound services.

Configuration tab

The Configuration tab shows configuration properties for this object. These property values are preserved even if the runtime environment is stopped then restarted. See the information center task descriptions for information about how to apply configuration changes to the runtime environment.

General Properties

WS-Security version

Identifies the version of the WS-Security specification this configuration uses.

Required No
Data type String

Service type

The type of service the WS-Security configuration applies to.

Required No
Data type String

Name

The name of the inbound WS-Security configuration.

This name must be unique across both WS-Security Version 1.0 and Draft 13 Inbound configurations, and it must obey the following syntax rules:
  • It must not start with "." (a period).
  • It must not start or end with a space.
  • It must not contain any of the following characters: \ / , # $ @ : ; " * ? < > | = + & % '

Required Yes
Data type String

Actor URI

WS-Security headers within the consumed request message will only be processed if they have the specified Actor URI.

Required No
Data type String

Request consumer

Required integrity
Specifies the integrity constraints that consumed messages must meet. This includes specifying which message parts within the incoming message must be digitally signed, and the message parts to which digitally signed Nonce and time stamp elements are expected to be attached.
Required confidentiality
Specifies the confidentiality constraints that consumed messages must meet. This includes specifying which message parts within the incoming message must be encrypted, and the message parts to which encrypted Nonce and time stamp elements are expected to be attached.
Required security token
Specifies accepted stand-alone security tokens within a consumed message. Stand-alone security tokens are those not already used for signature or encryption. Defining a required security token means that messages containing a token of that type will be processed according to the usage assertion. The security token will not be used for authentication unless it is also specified within a caller.
Caller
Specifies the security token, signed part or encrypted part used for authentication. If a signed or encrypted part is used, the value of the part attribute must be the name of a defined required integrity or required confidentiality constraint. If a stand-alone security token is used for authentication, then the URI and local name attributes must define the type of security token used for authentication.
Add time stamp
When add time stamp is specified for a consumer, a time stamp is added indicating when the message was consumed. For a generator, a time stamp is added indicating when the message was generated.
Properties
General properties for the inbound WS-Security configuration.
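
The following added example (not IBM code, and not a description of how the product implements these settings) shows at the message level what the Actor URI setting and a "The body must be signed" required integrity constraint ask of a consumed request. It assumes SOAP 1.1 with the WS-Security 1.0 namespaces; the function name, the actor URN and the sample envelope are constructed for illustration, and the check is structural only, with no cryptographic verification of the signature.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample request; digest and signature values are omitted.
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}" xmlns:wsse="{WSSE}"
    xmlns:wsu="{WSU}" xmlns:ds="{DS}">
  <soapenv:Header>
    <wsse:Security soapenv:actor="urn:example:actor-a">
      <ds:Signature><ds:SignedInfo>
        <ds:Reference URI="#body-1"/>
      </ds:SignedInfo></ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body wsu:Id="body-1"><placeOrder/></soapenv:Body>
</soapenv:Envelope>"""


def check_request(xml_text, actor_uri):
    """Return structural violations of 'the body must be signed' (empty = ok)."""
    env = ET.fromstring(xml_text)
    # Only Security headers addressed to the configured actor are considered.
    headers = [h for h in env.iterfind(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
               if h.get(f"{{{SOAP}}}actor") == actor_uri]
    if not headers:
        return [f"no Security header for actor {actor_uri}"]
    body = env.find(f"{{{SOAP}}}Body")
    body_id = body.get(f"{{{WSU}}}Id") if body is not None else None
    refs = {r.get("URI") for h in headers
            for r in h.iterfind(f".//{{{DS}}}SignedInfo/{{{DS}}}Reference")}
    problems = []
    if body_id is None or f"#{body_id}" not in refs:
        problems.append("body is not covered by a signature reference")
    # An Id that resolves to more than one element makes the reference
    # ambiguous, so treat a duplicate as a violation rather than guessing.
    elif sum(e.get(f"{{{WSU}}}Id") == body_id for e in env.iter()) > 1:
        problems.append(f"wsu:Id {body_id} is not unique")
    return problems


if __name__ == "__main__":
    print(check_request(SAMPLE, "urn:example:actor-a"))
```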

Response generator

Actor
Defines the Actor URI to be included in the WS-Security headers of the generated response.
Integrity
Specifies the integrity constraints applied to generated messages. This includes specifying which message parts within the generated message must be digitally signed, and the message parts to attach digitally signed Nonce and time stamp elements to.
Confidentiality
Specifies the confidentiality constraints applied to generated messages. This includes specifying which message parts within the generated message must be encrypted, and the message parts to attach encrypted Nonce and time stamp elements to.
Security Token
Specifies stand-alone security tokens to insert into the generated message. Stand-alone security tokens are those not already used for signature or encryption. Standard and custom security tokens may be defined by URI and local name.
Add time stamp
When add time stamp is specified for a consumer, a time stamp is added indicating when the message was consumed. For a generator, a time stamp is added indicating when the message was generated.
Properties
General properties for the inbound WS-Security configuration.






Last updated: Sep 19, 2011 6:15:55 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=matt&product=was-express-dist&topic=SIBWSSecurityInboundConfig_DetailForm
File name: SIBWSSecurityInboundConfig_DetailForm.html