安全上下文令牌

应用程序服务器中的 Web Services Trust (WS-Trust) 和 Web Services Secure Conversation (WS-SecureConversation) 支持提供了发出安全上下文令牌 (SCT) 的功能。对安全上下文令牌的请求由安全性令牌服务处理。

WebSphere® Application Server 的安全性令牌服务称为信任服务。但是,此应用程序服务器未提供全部安全性令牌服务(该服务实现该 WS-Trust 规范的所有内容)。

安全会话称为安全对话,因为所用的消息协议由 WS-SecureConversation 和 WS-Trust 定义。WebSphere Application Server 支持安全对话。

要请求安全上下文令牌,将 WS-Trust 和 WS-SecureConversation 协议定义的 RequestSecurityToken (RST) 发送至要与其建立安全对话的服务端点。这些请求将被透明地重新路由至信任服务。信任服务处理 RST 并用 RequestSecurityTokenResponse (RSTR) 进行响应。向请求者返回此响应,就好像它是由端点服务生成一样。

WebSphere Application Server 令牌提供程序支持限制为安全上下文令牌提供程序。应用程序服务器中的 WS-SecureConversation 着重于在安全对话的发起方与接收方之间建立安全上下文令牌。

WebSphere Application Server 包括在集群环境和非集群环境中以及在客户机和服务器上对安全上下文令牌的高速缓存支持。WebSphere Application Server 还对每个信任服务操作(发出、取消、验证和更新)提供信任策略集管理。可对与显式服务端点或信任服务缺省值相关的这些信任操作中的每个操作管理信任系统策略集。当没有显式连接时,将强制使用信任操作的缺省信任服务策略集。

有关受支持的 WS-Trust 功能,请参阅有关 Web Services Trust 的信息。

对于安全上下文令牌,您可以:
  • 为 WS-SecureConversation 配置安全上下文令牌提供程序(包括发布、更新和取消操作)。
  • 配置信任服务以发出用于访问特定端点服务(目标)的安全上下文令牌。
  • 配置访问信任服务和应用程序的安全性要求。WebSphere Application Server 提供预先配置的应用程序策略集和信任服务策略集以帮助进行此配置。
  • 为四个信任服务操作(发出、取消、验证和更新)中的每一个定义系统策略。将对缺省或特定端点服务配置这些策略。请注意,此处不支持修订操作。
安全上下文令牌提供程序不支持以下操作:
  • WS-SecureConversation 修订
  • 协商以建立安全对话
  • WS-Trust 密钥交换请求
  • 由客户机发起的 RequestSecurityTokenResponse (RSTR) 和 RequestSecurityTokenResponseCollection (RSTRC) 请求
  • WS-SecurityPolicy 信任声明

定义

为了更好地了解安全性令牌,定义了以下术语:

安全性令牌
安全性令牌表示一组声明。
安全上下文
安全上下文是一个抽象概念,指的是已建立认证状态和可具有其他与安全性相关的属性的一个或多个已协商密钥。安全上下文需要先由通信方创建和共享才能使用。安全上下文在通信会话的生存期内在通信方之间共享,并且安全上下文令牌是此抽象安全上下文的有线表示。

WebSphere Application Server 不支持由通信方之一创建且通过消息传播的安全上下文令牌

WebSphere Application Server 不支持通过协商和交换创建安全上下文令牌。
安全上下文令牌
安全上下文令牌是安全上下文抽象概念的有线表示,它允许由 URI 命名上下文并与 Web Service 安全性配合使用。在两方之间使用安全上下文令牌进行的受保护通信用 WS-Trust 和 WS-SecureConversation 实现。
安全性令牌服务
安全性令牌服务 (STS) 是发放安全性令牌的 Web Service,这意味着它根据自己信任的证据向信任它的任何人(或特定接收方)发出声明。
信任服务
信任服务就是 Websphere Application Server 提供的安全性令牌服务和支持代码。
RequestSecurityToken (RST)
RST 是发送给安全性令牌服务以请求安全性令牌的消息。
RequestSecurityToken 响应 (RSTR)
RSTR 是在接收到 RST 消息后,对来自安全性令牌服务对安全性令牌的请求向请求者作出的响应。

为使通信可信任,服务需要证明(例如签名)以证明知晓一个或一组安全性令牌。服务本身可以生成令牌,或者它可依赖独立的安全性令牌服务来用它自己的信任语句发出安全性令牌。注意,对于某些安全性令牌格式,通信信任可能只是组成信任代理基础的重新发出或共同签名。

<wsc:SecurityContextToken> 元素的语法

安全上下文在通信会话的生存期内在通信方之间共享,并且安全上下文令牌是此抽象安全上下文的有线表示。

在 WS-SecureConversation 规范中,安全上下文由 <wsc:SecurityContextToken> 安全性令牌表示。以下 URI 表示建立安全对话所需的安全上下文令牌类型。
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct

<wsc:SecurityContextToken> 元素的语法如下所示:

<wsc:SecurityContextToken wsu:Id="..." ...>
    <wsc:Identifier>...</wsc:Identifier>
    <wsc:Instance>...</wsc:Instance>
    ...
</wsc:SecurityContextToken>

安全上下文令牌不支持通过使用密钥标识或密钥名称进行引用。所有引用都必须在安全上下文令牌中使用标识(属于 wsu:Id 属性)或使用对 <wsc:Identifier> 元素的 URI 引用 (<wsse:Reference>)。

发出安全性令牌的 RST 和 RSTR 示例

以下示例显示发出安全性令牌的 RST 请求。在此示例中使用的 URI http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct 表示令牌类型:

<wsc:SecurityContextToken>
<soapenv:Envelope
	xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

   <soapenv:Header>
		<wsa:To xmlns:wsa="http://www.w3.org/2005/08/addressing"
			soapenv:mustUnderstand="0">
			http://localhost:80/WSSampleSei/EchoService
		</wsa:To>
		<wsa:MessageID xmlns:wsa="http://www.w3.org/2005/08/addressing"
			soapenv:mustUnderstand="0">
			fc0632828e1252b4:487cee53:11cbfa7916e:-7fb6
		</wsa:MessageID>
		<wsa:Action xmlns:wsa="http://www.w3.org/2005/08/addressing"
			soapenv:mustUnderstand="0">
			http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT
		</wsa:Action>
	</soapenv:Header>

 <soapenv:Body>
		
		<wst:RequestSecurityToken
			xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
			Context="http://www.ibm.com/login/">
			<wst:TokenType>
				http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct
			</wst:TokenType>
			<wst:RequestType>
				http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
			</wst:RequestType>
			<wsp:AppliesTo
				xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
				-
				<wsa:EndpointReference
					xmlns:wsa="http://www.w3.org/2005/08/addressing">
					<wsa:Address>
						http://localhost:80/WSSampleSei/EchoService
					</wsa:Address>
				</wsa:EndpointReference>
			</wsp:AppliesTo>
			<wst:Entropy>
				<wst:BinarySecret
					Type="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce">
					zb//KsawV6DmfC8kB6vNOQ==
				</wst:BinarySecret>
			</wst:Entropy>
			<wst:KeySize>128</wst:KeySize>
		</wst:RequestSecurityToken>
	</soapenv:Body>
</soapenv:Envelope>

此示例显示发布安全性令牌的 RSTR 请求:

<soapenv:Envelope
	xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

 <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
		<wsa:Action>
			http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT
		</wsa:Action>
		<wsa:RelatesTo>
			fc0632828e1252b4:487cee53:11cbfa7916e:-7fb6
		</wsa:RelatesTo>
	</soapenv:Header>

 <soapenv:Body>
		<wst:RequestSecurityTokenResponseCollection
			xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
			<wst:RequestSecurityTokenResponse
				Context="http://www.ibm.com/login/">
				<wst:RequestedSecurityToken>
					<wsc:SecurityContextToken
						xmlns:wsc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
						xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
						wsu:Id="uuid:FFA51A32EB818FB6EA1222986227363">
						<wsc:Identifier>
							uuid:FFA51A32EB818FB6EA1222986227346
						</wsc:Identifier>
						<wsc:Instance>
							uuid:FFA51A32EB818FB6EA1222986227345
						</wsc:Instance>
					</wsc:SecurityContextToken>
				</wst:RequestedSecurityToken>
				<wsp:AppliesTo
					xmlns:wsp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<wsa:EndpointReference
						xmlns:wsa="http://www.w3.org/2005/08/addressing">
						<wsa:Address>
							http://localhost:80/WSSampleSei/EchoService
						</wsa:Address>
					</wsa:EndpointReference>
				</wsp:AppliesTo>
				<wst:RequestedProofToken>
					<wst:ComputedKey>
						http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1
					</wst:ComputedKey>
				</wst:RequestedProofToken>
				<wst:Entropy>
					<wst:BinarySecret
						Type="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce">
						rF1Yp5zhRhamLQNPAOm4TA==
					</wst:BinarySecret>
				</wst:Entropy>
				<wst:Lifetime>
					<wsu:Created
						xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
						2008-10-02T22:23:44.765Z
					</wsu:Created>
					<wsu:Expires
						xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
						2008-10-02T22:35:44.765Z
					</wsu:Expires>
				</wst:Lifetime>
				<wst:RequestedAttachedReference>
					<wsse:SecurityTokenReference
						xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
						<wsse:Reference
							URI="#uuid:FFA51A32EB818FB6EA1222986227363"
							ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct" />
					</wsse:SecurityTokenReference>
				</wst:RequestedAttachedReference>
				<wst:RequestedUnattachedReference>
					<wsse:SecurityTokenReference
						xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
						<wsse:Reference
							URI="uuid:FFA51A32EB818FB6EA1222986227346"
							ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct" />
					</wsse:SecurityTokenReference>
				</wst:RequestedUnattachedReference>
				<wst:Renewing Allow="true" OK="false" />
				<wst:KeySize>128</wst:KeySize>
			</wst:RequestSecurityTokenResponse>
		</wst:RequestSecurityTokenResponseCollection>
	</soapenv:Body>
</soapenv:Envelope>

取消安全性令牌的 RST 和 RSTR 示例

以下示例显示取消安全性令牌的 RST 请求。

<soapenv:Envelope
	xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

 <soapenv:Header>
		<wsa:To xmlns:wsa="http://www.w3.org/2005/08/addressing"
			soapenv:mustUnderstand="0">
			http://localhost:80/WSSampleSei/EchoService
		</wsa:To>
		<wsa:MessageID xmlns:wsa="http://www.w3.org/2005/08/addressing"
			soapenv:mustUnderstand="0">
			fc0632828e1252b4:-270287b7:11cc22c16ed:-7fa8
		</wsa:MessageID>
		<wsa:Action xmlns:wsa="http://www.w3.org/2005/08/addressing"
			soapenv:mustUnderstand="0">
			http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel
		</wsa:Action>
	</soapenv:Header>

 <soapenv:Body>
		<wst:RequestSecurityToken
			xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
			Context="http://www.ibm.com/login/">
			<wst:TokenType>
				http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct
			</wst:TokenType>
			<wst:RequestType>
				http://docs.oasis-open.org/ws-sx/ws-trust/200512/Cancel
			</wst:RequestType>
			<wsp:AppliesTo
				xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
				<wsa:EndpointReference
					xmlns:wsa="http://www.w3.org/2005/08/addressing">
					<wsa:Address>
						http://localhost:80/WSSampleSei/EchoService
					</wsa:Address>
				</wsa:EndpointReference>
			</wsp:AppliesTo>
			<wst:CancelTarget>
				<wsc:SecurityContextToken
					xmlns:wsc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
					xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
					wsu:Id="uuid:AC4764EB4BE91011501223028453769">
					<wsc:Identifier>
						uuid:AC4764EB4BE91011501223028453768
					</wsc:Identifier>
					<wsc:Instance>
						uuid:AC4764EB4BE91011501223028453751
					</wsc:Instance>
				</wsc:SecurityContextToken>
			</wst:CancelTarget>
		</wst:RequestSecurityToken>
	</soapenv:Body>
</soapenv:Envelope>

以下示例显示取消安全性令牌的 RSTR 请求:

<soapenv:Envelope
	xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
	xmlns:wsa="http://www.w3.org/2005/08/addressing">

 <soapenv:Header>
        <wsa:Action>
			       http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Cancel
		    </wsa:Action>
		    <wsa:RelatesTo>
			       fc0632828e1252b4:-270287b7:11cc22c16ed:-7fa8
		    </wsa:RelatesTo>
	  </soapenv:Header>

  <soapenv:Body>
		    <wst:RequestSecurityTokenResponse
		         Context="http://www.ibm.com/login/" 
                xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
			      <wst:RequestedTokenCancelled>
		    </wst:RequestSecurityTokenResponse>
   </soapenv:Body>
</soapenv:Envelope>

更新安全性令牌的 RST 和 RSTR 示例

以下示例显示更新安全性令牌的 RST 请求。

<soapenv:Envelope
	xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

	<soapenv:Header>
		<wsa:To xmlns:wsa="http://www.w3.org/2005/08/addressing"
			soapenv:mustUnderstand="0">
			http://localhost:80/WSSampleSei/EchoService
		</wsa:To>
		<wsa:MessageID xmlns:wsa="http://www.w3.org/2005/08/addressing"
			soapenv:mustUnderstand="0">
			fc0632828e1252b4:487cee53:11cbfa7916e:-7f8e
		</wsa:MessageID>
		<wsa:Action xmlns:wsa="http://www.w3.org/2005/08/addressing"
			soapenv:mustUnderstand="0">
			http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew
		</wsa:Action>
	</soapenv:Header>

  <soapenv:Body>
		<wst:RequestSecurityToken
			xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
			Context="http://www.ibm.com/login/">
			<wst:TokenType>
				http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct
			</wst:TokenType>
			<wst:RequestType>
				http://docs.oasis-open.org/ws-sx/ws-trust/200512/Renew
			</wst:RequestType>
			<wst:RenewTarget>
				<wsc:SecurityContextToken
					xmlns:wsc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
					xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
					wsu:Id="uuid:FFA51A32EB818FB6EA1223026418869">
					<wsc:Identifier>
						uuid:FFA51A32EB818FB6EA1223026418868
					</wsc:Identifier>
					<wsc:Instance>
						uuid:FFA51A32EB818FB6EA1223026418867
					</wsc:Instance>
				</wsc:SecurityContextToken>
			</wst:RenewTarget>
			<wsp:AppliesTo
				xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
				<wsa:EndpointReference
					xmlns:wsa="http://www.w3.org/2005/08/addressing">
					<wsa:Address>
						http://localhost:80/WSSampleSei/EchoService
					</wsa:Address>
				</wsa:EndpointReference>
			</wsp:AppliesTo>
			<wst:Entropy>
				<wst:BinarySecret
					Type="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce">
					U8rH9l/wLV1gpsBf/yCooA==
				</wst:BinarySecret>
			</wst:Entropy>
			<wst:KeySize>128</wst:KeySize>
		</wst:RequestSecurityToken>
	</soapenv:Body>
</soapenv:Envelope>

以下示例显示更新安全性令牌的 RSTR 请求:

<soapenv:Envelope
	xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

 <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
		<wsa:Action>
			http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/RenewFinal
		</wsa:Action>
		<wsa:RelatesTo>
			fc0632828e1252b4:487cee53:11cbfa7916e:-7f8e
		</wsa:RelatesTo>
	</soapenv:Header>

 <soapenv:Body>
		<wst:RequestSecurityTokenResponse
			xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
			Context="http://www.ibm.com/login/">
			<wst:RequestedSecurityToken>
				<wsc:SecurityContextToken
					xmlns:wsc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
					xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
					wsu:Id="uuid:FFA51A32EB818FB6EA1223026990448">
					<wsc:Identifier>
						uuid:FFA51A32EB818FB6EA1223026418868
					</wsc:Identifier>
					<wsc:Instance>
						uuid:FFA51A32EB818FB6EA1223026990447
					</wsc:Instance>
				</wsc:SecurityContextToken>
			</wst:RequestedSecurityToken>
			<wst:Entropy>
				<wst:BinarySecret
					Type="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce">
					lFkKSI/pajtTZzRpQalNMA==
				</wst:BinarySecret>
			</wst:Entropy>
			<wst:Lifetime>
				<wsu:Created
					xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
					2008-10-03T09:43:07.421Z
				</wsu:Created>
				<wsu:Expires
					xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
					2008-10-03T09:55:07.421Z
				</wsu:Expires>
			</wst:Lifetime>
			<wst:RequestedAttachedReference>
				<wsse:SecurityTokenReference
					xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
					<wsse:Reference
						URI="#uuid:FFA51A32EB818FB6EA1223026990448"
						ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct">
					</wsse:Reference>
				</wsse:SecurityTokenReference>
			</wst:RequestedAttachedReference>
			<wst:Renewing Allow="true" OK="false"></wst:Renewing>
		</wst:RequestSecurityTokenResponse>
	</soapenv:Body>
</soapenv:Envelope>

验证安全性令牌的 RST 和 RSTR 示例

以下示例显示验证安全性令牌的 RST 请求。

<soapenv:Envelope
	xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

 <soapenv:Header>
		<wsa:To xmlns:wsa="http://www.w3.org/2005/08/addressing"
			soapenv:mustUnderstand="0">
			http://localhost:80/WSSampleSei/EchoService
		</wsa:To>
		<wsa:MessageID xmlns:wsa="http://www.w3.org/2005/08/addressing"
			soapenv:mustUnderstand="0">
			fc0632828e1252b4:-673f2c18:11cc328886a:-7fa7
		</wsa:MessageID>
		<wsa:Action xmlns:wsa="http://www.w3.org/2005/08/addressing"
			soapenv:mustUnderstand="0">
			http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate
		</wsa:Action>
	</soapenv:Header>

  <soapenv:Body>
		<wst:RequestSecurityToken
			xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
			Context="http://www.ibm.com/login/">
			<wst:TokenType>
				http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct
			</wst:TokenType>
			<wst:RequestType>
				http://docs.oasis-open.org/ws-sx/ws-trust/200512/Validate
			</wst:RequestType>
			<wst:ValidateTarget>
				<wsc:SecurityContextToken
					xmlns:wsc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
					xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
					wsu:Id="uuid:6B77A2DA28C1E523BD1223045150688">
					<wsc:Identifier>
						uuid:6B77A2DA28C1E523BD1223045150687
					</wsc:Identifier>
					<wsc:Instance>
						uuid:6B77A2DA28C1E523BD1223045150670
					</wsc:Instance>
				</wsc:SecurityContextToken>
			</wst:ValidateTarget>
			<wsp:AppliesTo
				xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
				<wsa:EndpointReference
					xmlns:wsa="http://www.w3.org/2005/08/addressing">
					<wsa:Address>
						http://localhost:80/WSSampleSei/EchoService
					</wsa:Address>
				</wsa:EndpointReference>
			</wsp:AppliesTo>
		</wst:RequestSecurityToken>
	</soapenv:Body>
</soapenv:Envelope>

以下示例显示验证安全性令牌的 RSTR 请求:

<soapenv:Envelope
	xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

 <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
		<wsa:Action>
			http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/ValidateFinal
		</wsa:Action>
		<wsa:RelatesTo>
			fc0632828e1252b4:-673f2c18:11cc328886a:-7fa7
		</wsa:RelatesTo>
	</soapenv:Header>

 <soapenv:Body>
		<wst:RequestSecurityTokenResponse
			xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
			Context="http://www.ibm.com/login/">
			<wst:Status>
				<wst:Code>
					http://docs.oasis-open.org/ws-sx/ws-trust/200512/status/valid
				</wst:Code>
			</wst:Status>
		</wst:RequestSecurityTokenResponse>
	</soapenv:Body>
</soapenv:Envelope>

有关其他信息,请查看讨论建立安全上下文令牌的两个示例方案主题。


指示主题类型的图标 概念主题



时间戳记图标 最近一次更新时间: last_date
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=cwbs_seccontexttoken
文件名:cwbs_seccontexttoken.html