Fix Pack 8550

UsernameToken as an EndorsingToken and an X509Token symmetric for message protection

With X509Token symmetric protection, an ephemeral key is created to sign and encrypt the message. The ephemeral key is encrypted using the receiver's public certificate. A UsernameToken with derived keys is used for authentication. The message signature is signed using the UsernameToken's derived key. There is also a message Timestamp.

This policy template can be used if HTTP transport is not supported, the service has an X509 token and supports a UsernameToken, and the service requires the client to endorse the message.

The following policy shows a UsernameToken as an EndorsingToken and an X509Token symmetric for message protection:
<wsp:Policy wsu:Id="UsernameTokenAsEndorsingAndX509Symmetric">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SymmetricBinding>
        <wsp:Policy>
          <sp:ProtectionToken>
            <wsp:Policy>
              <sp:X509Token
                sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:WssX509V3Token10 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:ProtectionToken>
          <sp:Layout>
            <wsp:Policy>
              <sp:Lax />
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp />
          <sp:OnlySignEntireHeadersAndBody />
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic128 />
            </wsp:Policy>
          </sp:AlgorithmSuite>
        </wsp:Policy>
      </sp:SymmetricBinding>
      <sp:SignedEndorsingEncryptedSupportingTokens>
        <wsp:Policy>
          <sp:UsernameToken
            sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
            <wsp:Policy>
              <sp:WssUsernameToken10 />
              <sp:RequireDerivedKeys />
            </wsp:Policy>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:SignedEndorsingEncryptedSupportingTokens>
      <sp:SignedParts>
        <sp:Body />
      </sp:SignedParts>
      <sp:EncryptedParts>
        <sp:Body />
      </sp:EncryptedParts>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
The namespaces used in this example are:

Icon that indicates the type of topic Concept topic

Terms and conditions for information centers | Feedback


Timestamp icon Last updated: Monday, 21 April 2014
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-nd-mp&topic=cwlp_wssec_templates_scenario3
File name: cwlp_wssec_templates_scenario3.html