Resource Bundle com.akana.console.policy.jose / JOSESecurityPolicyApplicationResources Information

com.akana.console.policy.jose.audit.help.paragraph

The "Specify Security Audit Options" screen allows you to configure whether you want audit data captured for all message exchanges or only when errors occur on a message exchange. Select one of the following options:Generate Audit Data - Captures success and failure audit data for all message exchanges.Audit on Error Only - Captures audit data only when an error occurs on a message exchange.Select an option and click "Finish."

com.akana.console.policy.jose.audit.help.title

Specify JOSE Security Audit Options

com.akana.console.policy.jose.audit.options.title

JOSE Security Audit Options

com.akana.console.policy.jose.detail.title

JOSE Security Policy Options

com.akana.console.policy.jose.embed.key

Embed Key

com.akana.console.policy.jose.encrypt.content

Encrypt Content

com.akana.console.policy.jose.encryption.algo

Encryption Algorithm

com.akana.console.policy.jose.finish.detail

You have successfully completed the "Modify JOSE Security Policy Wizard". Review the summary information for policy configuration details.

com.akana.console.policy.jose.finish.title

Completion Summary

com.akana.console.policy.jose.help.paragraph

The "Specify JOSE Security Policy Options" page allows you to configure use of JOSE Security Policy, specifically the subject category the authenticated identity will be used as.Five sections are displayed. The first section, "Protection Scope", identifies which messages in a message exchange should be governed by the policy. The choices are IN, OUT, and FAULT. Selecting "IN" option indicates all IN messages will be protected by this policy. Selecting "OUT" option indicates all OUT messages will be protected by this policy. Selecting "FAULT" option indicates all FAULT messages will be protected by this policy.The "Serialization" section provides the choice of using either Compact or JSON serialization. Selecting "Compact" option specifies the use of Compact serialization, and selecting "JSON" option specifies the use of JSON serialization. The "Sign Content" section specifies the algorithm that will be used to sign the message content using the selected Signature/MAC algorithm. Selecting "Embed Key" option requires the public key of the private key used to sign the content to be embedded in the structure in the "jwk" header.The "Encrypt Content" section specifies the algorithms that are used to encrypt the message content using the selected Encryption Algorithm. The encryption key can be protected by selecting an optional Key Management Algorithm. Selecting "Embed Key" option requires the public key used to encrypt the content to be embedded in the structure in the "jwk" header.The "Initiator Subject Category" allows the user to specify the identity of the initiator of the message exchange. It is this identity whose private key is used to sign the IN message and whose public key is used to encrypt OUT and FAULT messages. Predefined categories include Consumer, and End-User. The "User-Defined" option allows you to specify a custom category name. Selecting "None" option indicates the selection of the identity whose keys to use for signing and encrypting content is left to the manageability container and not specified by this policy.

com.akana.console.policy.jose.help.title

Specify JOSE Security Policy Options

com.akana.console.policy.jose.initiator.subject.category

Initiator Subject Category

com.akana.console.policy.jose.key.management.algo

Key Management Algorithm

com.akana.console.policy.jose.modify.helpid

543

com.akana.console.policy.jose.modify.label

Modify

com.akana.console.policy.jose.modify.title

Modify JOSE Security Policy Wizard

com.akana.console.policy.jose.onerroronly.checkbox.title

On Error Only

com.akana.console.policy.jose.options.label

Options

com.akana.console.policy.jose.policy.content.not.defined

Policy content not defined.

com.akana.console.policy.jose.policy.key

Policy Key

com.akana.console.policy.jose.policy.type.consumer

Consumer

com.akana.console.policy.jose.policy.type.enduser

End-User

com.akana.console.policy.jose.policy.type.none

None

com.akana.console.policy.jose.policy.type.userdefined

User Defined

com.akana.console.policy.jose.protection.scope

Protection Scope

com.akana.console.policy.jose.protection.scope.fault

FAULT

com.akana.console.policy.jose.protection.scope.in

IN

com.akana.console.policy.jose.protection.scope.out

OUT

com.akana.console.policy.jose.securityaudit.checkbox.title

Generate Audit Data

com.akana.console.policy.jose.serialization

Serialization

com.akana.console.policy.jose.sign.content

Sign Content

com.akana.console.policy.jose.signature.mac.algo

Signature/MAC Algorithm

com.akana.console.policy.jose.summary

Summary

com.akana.console.policy.jose.v2.audit.help.paragraph

If you want audit data for transactions governed by this policy, check Generate Audit Data. If you want audit data only for fault transactions, check both boxes.

com.akana.console.policy.jose.v2.audit.help.title

Specify JOSE Security Policy v2 Audit Options

com.akana.console.policy.jose.v2.audit.options.title

JOSE Security Policy v2 Audit Options

com.akana.console.policy.jose.v2.custom.headers

Custom Headers

com.akana.console.policy.jose.v2.encrypted.content

Encrypted Content

com.akana.console.policy.jose.v2.enforce.detached.content

Enforce Appendix F

com.akana.console.policy.jose.v2.enforce.open.banking

Enforce Open Banking

com.akana.console.policy.jose.v2.finish.detail

You have successfully completed the Modify JOSE Security Policy v2 Wizard. Review the policy configuration details in the summary and then click Close.

com.akana.console.policy.jose.v2.header.key

Header

com.akana.console.policy.jose.v2.header.parameter

Header Parameter Name

com.akana.console.policy.jose.v2.header.value

Value

com.akana.console.policy.jose.v2.in.CONSUMER.options.paragraph

On this page you can determine signing and encryption settings, for outgoing messages and/or fault messages, depending on your selections on the first page of policy configuration settings. The same set of configuration options applies to both OUT and FAULT messages.Signed Content: The Subject Category is the identity that verifies the signature. It can be Consumer, End User, or User Defined. If you choose Consumer, you can specify JWKS URL if the consumer is an App. If you choose User Defined, specify a custom category name.Encrypted Content: The Subject Category is the identity that verifies the encrypted content. Choose Service or User Defined (specify the custom category name).Private Headers: You can specify one or more private headers; check the box and specify the header name and value.

com.akana.console.policy.jose.v2.in.detail.title

JOSE Security Policy v2 IN Message Options for

com.akana.console.policy.jose.v2.in.options.paragraph

On this page you can determine signing and encryption settings, for incoming messages.Signed Content: The Subject Category is the identity that verifies the signature. It can be Consumer, End User, or User Defined. If you choose Consumer, you can specify JWKS URL if the consumer is an App. If you choose User Defined, specify a custom category name.Encrypted Content: The Subject Category is the identity that verifies the encrypted content. Choose Service or User Defined (specify the custom category name).Private Headers: You can specify one or more private headers; check the box and specify the header name and value.

com.akana.console.policy.jose.v2.in.options.title

Specify JOSE Security Policy v2 IN Message Options

com.akana.console.policy.jose.v2.modify.detail.title

JOSE Security Policy v2 Options

com.akana.console.policy.jose.v2.modify.helpid

543

com.akana.console.policy.jose.v2.modify.options.paragraph

On this page you can configure the high-level settings that determine how the JOSE Security Policy v2 will work.Protection Scope: Identifies which messages in a message exchange are governed by the policy. Choose any combination of IN, OUT, or FAULT.Serialization: Choose Compact (dot-separated, consumes less bandwidth) or JSON (key-value pairs, more human-readable).Role: Determines whether the policy is applied to messages to and from the client (Provider) or the downstream service (Consumer).Unencoded Detached Payload: Checking this box excludes the payload from the signed and/or encrypted portion of the message. Instead, the payload is sent in the message body, unencoded. If you want unencoded detached payload, specify the Header Parameter Name, the name of the header containing a detached JWS signature of the body of the payload. Enforce Appendix F can only be selected for Provider role.If you want the signing/encryption to apply to all parts of the message, including the payload, leave this box cleared (the default).UK Open Banking: To enforce compliance with the UK Open Banking specification, such as application/json content and specific headers, check the box and specify the version. For Version 3.1, you can provide a custom documentation URL for error messages.

com.akana.console.policy.jose.v2.modify.options.title

Specify JOSE Security Policy v2 Options

com.akana.console.policy.jose.v2.modify.title

Modify JOSE Security Policy v2 (Unencoded Payload Support) Wizard

com.akana.console.policy.jose.v2.open.banking.version

Open Banking Version

com.akana.console.policy.jose.v2.out.CONSUMER.options.paragraph

On this page you can determine signing and encryption settings for incoming messages.Sign Content: Checking this box indicates that inbound messages will be signed. Choose the Signature/MAC Algorithm to use for signing. Embed: Embeds the public key in the signed content, so that the client can use the key to verify the signature. Subject Category is the identity of the signed content. Choose Service or User Defined (specify the category name). If a Custom Header is used for the signed content, check the box and specify the header name and value.Encrypt Content: Checking this box indicates that inbound messages will be encrypted. Choose the Encryption Algorithm to use for encrypting. You can also specify a Key Management Algorithm, from the list of supported options. The Subject Category is the identity of the encrypted content for IN messages. Choose Consumer, End User, or User Defined (specify the category name).Private Headers: You can specify one or more private headers; check the box and specify the header name and value.

com.akana.console.policy.jose.v2.out.detail.title

JOSE Security Policy v2 OUT Message Options for

com.akana.console.policy.jose.v2.out.options.paragraph

On this page you can determine signing and encryption settings for outgoing messages and/or fault messages, depending on your selections on the first page of policy configuration settings. The same set of configuration options applies to both OUT and FAULT messages.Sign Content: Checking this box indicates that outbound/fault messages will be signed. Choose the Signature/MAC Algorithm to use for signing. Embed: Embeds the public key in the signed content, so that the client can use the key to verify the signature. Subject Category is the identity of the signed content. Choose Service or User Defined (specify the category name). If a Custom Header is used for the signed content, check the box and specify the header name and value.Encrypt Content: Checking this box indicates that outbound/fault messages will be encrypted. Choose the Encryption Algorithm to use for encrypting. You can also specify a Key Management Algorithm, from the list of supported options. The Subject Category is the identity of the encrypted content for OUT and/or FAULT messages. Choose Consumer, End User, or User Defined (specify the category name).Private Headers: You can specify one or more private headers; check the box and specify the header name and value.

com.akana.console.policy.jose.v2.out.options.title

Specify JOSE Security Policy v2 OUT Message Options

com.akana.console.policy.jose.v2.payload

Unencoded Detached Payload

com.akana.console.policy.jose.v2.private.headers

Private Headers

com.akana.console.policy.jose.v2.role

Role

com.akana.console.policy.jose.v2.role.CONSUMER

Consumer

com.akana.console.policy.jose.v2.role.PROVIDER

Provider

com.akana.console.policy.jose.v2.scope

Protection Scope

com.akana.console.policy.jose.v2.scope.FAULT

Fault

com.akana.console.policy.jose.v2.scope.IN

In

com.akana.console.policy.jose.v2.scope.OUT

Out

com.akana.console.policy.jose.v2.serialization.COMPACT

Compact

com.akana.console.policy.jose.v2.serialization.JSON

JSON

com.akana.console.policy.jose.v2.signed.content

Signed Content

com.akana.console.policy.jose.v2.subject.category

Subject Category

com.akana.console.policy.jose.v2.subject.type.service

Service

com.akana.console.policy.jose.v2.uk.open.banking

UK Open Banking

com.akana.console.policy.jose.v2.uk.open.banking.doc.url

Documentation URL

com.akana.console.policy.jose.v2.uk.open.banking.version

UK Open Banking Version

com.akana.console.policy.jose.v2.use.jwks

Use JWKS URL

com.akana.console.policy.jose.v2.version.DEFAULT

Version 3.0 or earlier

com.akana.console.policy.jose.v2.version.OB31

Version 3.1

com.akana.console.policy.jose.v2.view.title

View JOSE Security Policy v2 (Unencoded Payload Support) Wizard

com.akana.console.policy.jose.view.label

View

com.akana.console.policy.jose.view.not.authorized

You are not authorized to view policy details

com.akana.console.policy.jose.view.title

View JOSE Security Policy Wizard

error.detached.required

Header name is required with detached payload and UK Open Banking

error.modify.jose.policy.config

Error in modifying JOSE Security policy: {0}

error.modify.jose.policy.config.get

Error Getting details for OSGI policy: {0}

error.modify.jose.policy.update.failed

Failed to update Policy.

policy.jose.v2.name

JOSE Security Policy v2 (Unencoded Payload Support)