Resource Bundle com.soa.console.policy.wssp / SecurityPolicyApplicationResources Information

com.soa.console.policy.security.asym.helpid

235

com.soa.console.policy.security.asym.modify.helpid

257

com.soa.console.policy.security.asym.title

WS-Security Asymmetric Binding Policy

com.soa.console.policy.security.asym.wizard.title

Modify WS-Security Asymmetric Binding Policy Wizard

com.soa.console.policy.security.asym.wizard.view.title

View WS-Security Asymmetric Binding Policy Wizard

com.soa.console.policy.security.asym.wizard1.config.desc

"Specify Asymmetric Binding Options" is used to configure options for the Asymmetric Binding Policy. Required options include selecting the "WS-SecurityPolicy" and "Security Header Layout." WS-SecurityPolicy versions 1.1 and 1.2 are currently supported. The Security Header Layout includes a set of optional properties that are common to security bindings. These properties define rules for controlling the ordering layout when items are added to the Security Header. For properties that are enabled, assertions will set the value of a property. When the value appears in a policy, the property is set to the value indicated by the assertion.

com.soa.console.policy.security.asym.wizard1.description

The "Specify Asymmetric Binding Options" screen is used to configure options for the Asymmetric Binding Policy. Required options include selecting the "WS-SecurityPolicy" and "Security Header Layout."WS-SecurityPolicy versions 1.1 and 1.2 are currently supported.The Security Header Layout includes a set of optional properties that are common to security bindings. These properties define rules for controlling the ordering layout when items are added to the Security Header. For properties that are enabled, assertions will set the value of a property. When the value appears in a policy, the property is set to the value indicated by the assertion.For detailed information on each option, click "Help."

com.soa.console.policy.security.asym.wizard1.encryptbefore

Encrypt Before Signing

com.soa.console.policy.security.asym.wizard1.encryptsignature

Encrypt Signature

com.soa.console.policy.security.asym.wizard1.heading

Specify Asymmetric Binding Options

com.soa.console.policy.security.asym.wizard1.intro

Select the WS-SecurityPolicy version, Security Header Layout and applicable options. After completing your entries, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.asym.wizard1.layout

Security Header Layout

com.soa.console.policy.security.asym.wizard1.options

Asymmetric Binding Options

com.soa.console.policy.security.asym.wizard1.protecttokens

Protect Tokens

com.soa.console.policy.security.asym.wizard1.signentire

Only Sign Entire Headers and Body

com.soa.console.policy.security.asym.wizard1.timestamp

Include Timestamp

com.soa.console.policy.security.asym.wizard1.version

WS-SecurityPolicy Version

com.soa.console.policy.security.asym.wizard2.config.desc

"Specify Initiator Token" provides options for defining the private key that the "Initiator" (client) will use to sign messages. A token is initialized by selecting a "Token Type." Supported Token Types include X.509, Binary Security, SAML, Kerberos, Username, Issued, and Secure Conversation. After you configure your token options, click "Next" and a token configuration page for the selected token type will display. The "Token Inclusion" option allows you to specify an IncludeToken attribute in the message. Supported options include Always, Always to Recipient, and Never. If "Always" is specified the token is included in all messages. If "Always to Recipient" is specified, the token is included in all messages sent from initiator to recipient, and not included in messages sent from the recipient to the initiator. If "Never" is specified, an external reference mechanism is used to refer to the key represented by the token. If "Not Specified" is selected, this option is not specified in the policy.The "Subject Category" option allows you to assign a category name to the token definition. Predefined categories include Consumer, Service, and End-User. The "User-Defined" option allows you to specify a custom category name.

com.soa.console.policy.security.asym.wizard2.description

The "Specify Initiator Token" screen provides options for defining the private key that the "Initiator" (client) will use to sign messages.A token is initialized by selecting a "Token Type." Supported Token Types include X.509, Binary Security, SAML, Kerberos, Username, Issued, and Secure Conversation. After you configure your token options, click "Next" and a token configuration page for the selected token type will display.The "Token Inclusion" option allows you to specify an IncludeToken attribute in the message. Supported options include Always, Always to Recipient, and Never. If "Always" is specified the token is included in all messages. If "Always to Recipient" is specified, the token is included in all messages sent from initiator to recipient, and not included in messages sent from the recipient to the initiator. If "Never" is specified, an external reference mechanism is used to refer to the key represented by the token. If "Not Specified" is selected, this option is not specified in the policy.The "Subject Category" option allows you to assign a category name to the token definition. Predefined categories include Consumer, Service, and End-User. The "User-Defined" option allows you to specify a custom category name.

com.soa.console.policy.security.asym.wizard2.heading

Specify Initiator Token

com.soa.console.policy.security.asym.wizard2.inclusion

Token Inclusion

com.soa.console.policy.security.asym.wizard2.intro

Select the Token Type, Token Inclusion, and Subject Category options. After completing your entries, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.asym.wizard2.subject

Subject Category

com.soa.console.policy.security.asym.wizard2.token

Initiator Token

com.soa.console.policy.security.asym.wizard2.type

Token Type

com.soa.console.policy.security.asym.wizard3.config.desc

"Specify Recipient Token" provides options for defining the private key that the "Recipient" (service) will use for message decryption and signature verification. A token is initialized by selecting a "Token Type." Supported Token Types include X.509, Binary Security, SAML, Kerberos, Username, Issued, and Secure Conversation. After you configure your token options, click "Next" and a token configuration page for the selected token type will display. The "Token Inclusion" option allows you to specify an IncludeToken attribute in the message. Supported options include Always, Always to Initiator, and Never. If "Always" is specified the token is included in all messages. If "Always to Initiator" is specified, the token is included in all messages sent from the recipient to the initiator, and not included in messages sent from the initiator to the recipient. If "Never" is specified, an external reference mechanism is used to refer to the key represented by the token. If "Not Specified" is selected, this option is not specified in the policy. The "Subject Category" option allows you to assign a category name to the token definition. Predefined categories include Consumer, Service, and End-User. The "User-Defined" option allows you to specify a custom category name.

com.soa.console.policy.security.asym.wizard3.description

The "Specify Recipient Token" screen provides options for defining the private key that the "Recipient" (service) will use for message decryption and signature verification.A token is initialized by selecting a "Token Type." Supported Token Types include X.509, Binary Security, SAML, Kerberos, Username, Issued, and Secure Conversation. After you configure your token options, click "Next" and a token configuration page for the selected token type will display.The "Token Inclusion" option allows you to specify an IncludeToken attribute in the message. Supported options include Always, Always to Initiator, and Never. If "Always" is specified the token is included in all messages. If "Always to Initiator" is specified, the token is included in all messages sent from the recipient to the initiator, and not included in messages sent from the initiator to the recipient. If "Never" is specified, an external reference mechanism is used to refer to the key represented by the token. If "Not Specified" is selected, this option is not specified in the policy.The "Subject Category" option allows you to assign a category name to the token definition. Predefined categories include Consumer, Service, and End-User. The "User-Defined" option allows you to specify a custom category name.

com.soa.console.policy.security.asym.wizard3.heading

Specify Recipient Token

com.soa.console.policy.security.asym.wizard3.inclusion

Token Inclusion

com.soa.console.policy.security.asym.wizard3.intro

Select the Token Type, Token Inclusion, and Subject Category options. After completing your entries, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.asym.wizard3.subject

Subject Category

com.soa.console.policy.security.asym.wizard3.token

Recipient Token

com.soa.console.policy.security.asym.wizard3.type

Token Type

com.soa.console.policy.security.asym.wizard4.description

You have successfully completed the "Modify WS-Security Asymmetric Binding Policy Wizard." Review the summary information for policy configuration details.To exit this wizard, click "Close."

com.soa.console.policy.security.asym.wizard4.heading

Completion Summary

com.soa.console.policy.security.asym.wizard4.summary

Summary

com.soa.console.policy.security.common.algorithm.canonicalization

Canonicalization

com.soa.console.policy.security.common.algorithm.config

Security Algorithm Configuration

com.soa.console.policy.security.common.algorithm.config.desc

"Configure Security Algorithm" is used to configure the properties or conditions of a security binding. When an assertion that populates a value of a property appears in a policy, that property is set to the value indicated by the assertion. The security binding then uses the value of the property to control its behavior. Security Algorithm properties include Algorithm Suite, Canonicalization, and XPath Version. Algorithm Suite represents the algorithm suite required for performing cryptographic operations with symmetric or asymmetric key based security tokens.Canonicalization represents the canonical form used to test whether information content of an XML document has changed. Inclusive Canonicalization copies all declarations, even if they are defined outside of the scope of the signature. Exclusive Canonicalization finds out what namespaces are actually being used and just copies those. XPath Version represents the XPath version to be used by the Algorithm Suite. Supported XPath versions include 1.0 (XPath10), 2.0 (XPathFilter20), and Absolute Location Path (AbsXPath). Optional SOAP Normalization and STR Transform properties can also be specified.

com.soa.console.policy.security.common.algorithm.description

The "Configure Security Algorithm" screen is used to configure the properties or conditions of a security binding. When an assertion that populates a value of a property appears in a policy, that property is set to the value indicated by the assertion. The security binding then uses the value of the property to control its behavior. Security Algorithm properties include Algorithm Suite, Canonicalization, and XPath Version.Algorithm Suite represents the algorithm suite required for performing cryptographic operations with symmetric or asymmetric key based security tokens.Canonicalization represents the canonical form used to test whether information content of an XML document has changed. Inclusive Canonicalization copies all declarations, even if they are defined outside of the scope of the signature. Exclusive Canonicalization finds out what namespaces are actually being used and just copies those.XPath Version represents the XPath version to be used by the Algorithm Suite. Supported XPath versions include 1.0 (XPath10), 2.0 (XPathFilter20), and Absolute Location Path (AbsXPath).Optional SOAP Normalization and STR Transform properties can also be specified.

com.soa.console.policy.security.common.algorithm.heading

Configure Security Algorithm

com.soa.console.policy.security.common.algorithm.intro

Select a Security Algorithm option and configure the property settings for the current policy. After completing your entries, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.common.algorithm.normalization

SOAP Normalization

com.soa.console.policy.security.common.algorithm.str

STR Transform

com.soa.console.policy.security.common.algorithm.suite

Algorithm Suite

com.soa.console.policy.security.common.algorithm.xpath

XPath Version

com.soa.console.policy.security.common.wss.embeddedtoken

Must Support Embedded Token Reference

com.soa.console.policy.security.common.wss.embeddedtoken.info

This option indicates whether the initiator and recipient must be able to process references that contain embedded tokens.

com.soa.console.policy.security.common.wss.encryptedkey

Must Support Encrypted Key Reference

com.soa.console.policy.security.common.wss.encryptedkey.info

This option indicates whether the initiator and recipient must be able to process references.

com.soa.console.policy.security.common.wss.externaluri

Must Support External URI Reference

com.soa.console.policy.security.common.wss.externaluri.info

This option indicates whether the initiator and recipient must be able to process references to tokens outside the message using URIs.

com.soa.console.policy.security.common.wss.issuerserial

Must Support Issuer Serial Reference

com.soa.console.policy.security.common.wss.issuerserial.info

This option indicates whether the initiator and recipient must be able to process references using the issuer and token serial number.

com.soa.console.policy.security.common.wss.keyidentifier

Must Support Key Identifier Reference

com.soa.console.policy.security.common.wss.keyidentifier.info

This option indicates whether the initiator and recipient must be able to process key-specific identifier token references.

com.soa.console.policy.security.common.wss.nooptions

Do not specify options

com.soa.console.policy.security.common.wss.options

Specify options

com.soa.console.policy.security.common.wss.signatureconf

Require Signature Confirmation

com.soa.console.policy.security.common.wss.signatureconf.info

This option specifies whether signature confirmation elements should be used.

com.soa.console.policy.security.common.wss.thumbprint

Must Support Thumbprint Reference

com.soa.console.policy.security.common.wss.thumbprint.info

This option indicates whether the initiator and recipient must be able to process references using token thumbprints.

com.soa.console.policy.security.common.wss10.config.desc

"Specify WS-Security 1.0 Options" is used to configure a set of properties supported by WS-Security SOAP Message Security 1.0 when the Wss10 assertion is part of the Endpoint Policy Subject. Properties supported for the Wss10 assertion indicate whether the initiator and recipient must be able to process a given reference mechanism, or whether the initiator and recipient may send a fault if such references are encountered. The "Direct References" property is automatically initialized when you select the "Specify options" radio button. This property always has a value of "true" and indicates whether the initiator and recipient must be able to process direct token references (by ID or URI reference).

com.soa.console.policy.security.common.wss10.description

The "Specify WS-Security 1.0 Options" screen is used to configure a set of properties supported by WS-Security SOAP Message Security 1.0 when the Wss10 assertion is part of the Endpoint Policy Subject.Properties supported for the Wss10 assertion indicate whether the initiator and recipient must be able to process a given reference mechanism, or whether the initiator and recipient may send a fault if such references are encountered.The "Direct References" property is automatically initialized when you select the "Specify options" radio button. This property always has a value of "true" and indicates whether the initiator and recipient must be able to process direct token references (by ID or URI reference).

com.soa.console.policy.security.common.wss10.heading

Specify WS-Security 1.0 Options

com.soa.console.policy.security.common.wss10.intro

Select a WS-Security option and configure the property settings for the current policy. After completing your entries, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.common.wss10.options

WS-Security 1.0 Options

com.soa.console.policy.security.common.wss11.config.desc

"Specify WS-Security 1.1 Options" is used to configure a set of properties supported by the WS-Security SOAP Message Security 1.0 when the Wss11 assertion is part of the Endpoint Policy Subject. The properties supported for the Wss11 assertion indicate whether the initiator and recipient must be able to process a given reference mechanism, or whether the initiator and recipient may send a fault if such references are encountered.The "Direct References" property is automatically initialized when you select the "Specify options" radio button. This property always has a value of "true" and indicates whether the initiator and recipient must be able to process direct token references (by ID or URI reference). Note: This option is recommended for interoperability when using WS-Security 1.1 with WCF (Windows Communication Foundation).

com.soa.console.policy.security.common.wss11.description

The "Specify WS-Security 1.1 Options" screen is used to configure a set of properties supported by the WS-Security SOAP Message Security 1.0 when the Wss11 assertion is part of the Endpoint Policy Subject.The properties supported for the Wss11 assertion indicate whether the initiator and recipient must be able to process a given reference mechanism, or whether the initiator and recipient may send a fault if such references are encountered.The "Direct References" property is automatically initialized when you select the "Specify options" radio button. This property always has a value of "true" and indicates whether the initiator and recipient must be able to process direct token references (by ID or URI reference).Note: This option is recommended for interoperability when using WS-Security 1.1 with WCF (Windows Communication Foundation).

com.soa.console.policy.security.common.wss11.heading

Specify WS-Security 1.1 Options

com.soa.console.policy.security.common.wss11.intro

Select a WS-Security option and configure the property settings for the current policy. After completing your entries, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.common.wss11.options

WS-Security 1.1 Options

com.soa.console.policy.security.common.wst.appliesto

Require Applies To

com.soa.console.policy.security.common.wst.appliesto.info

This option indicates that the STS requires the requestor to specify the scope for the issued token using wsp:AppliesTo in the RST.

com.soa.console.policy.security.common.wst.clientchallenge

Must Support Client Challenge

com.soa.console.policy.security.common.wst.clientchallenge.info

This option indicates whether client challenges are supported.

com.soa.console.policy.security.common.wst.cliententropy

Require Client Entropy

com.soa.console.policy.security.common.wst.cliententropy.info

This option indicates whether client entropy is required to be used as key material for a requested proof token.

com.soa.console.policy.security.common.wst.issuedtokens

Must Support Issued Tokens

com.soa.console.policy.security.common.wst.issuedtokens.info

This option indicates whether the IssuedTokens header is supported as described in WS-Trust.

com.soa.console.policy.security.common.wst.nooptions

Do not specify options

com.soa.console.policy.security.common.wst.options

Specify options

com.soa.console.policy.security.common.wst.serverchallenge

Must Support Server Challenge

com.soa.console.policy.security.common.wst.serverchallenge.info

This option indicates whether server challenges are supported.

com.soa.console.policy.security.common.wst.serverentropy

Require Server Entropy

com.soa.console.policy.security.common.wst.serverentropy.info

This option indicates whether server entropy is required to be used as key material for a requested proof token.

com.soa.console.policy.security.common.wst.tokencollection

Require Token Collection

com.soa.console.policy.security.common.wst.tokencollection.info

This option indicates whether token collection is enabled or disabled.

com.soa.console.policy.security.common.wst10.config.desc

"Specify WS-Trust 1.0 Options" is used to configure a set of properties supported by WS-Trust 1.0 when the Trust10 assertion is part of the Endpoint Policy Subject. WS-Trust provides support for enabling applications to construct trusted SOAP message exchanges. The properties supported for the Trust10 assertion relate to interactions with a Security Token Service and provide a method of issuing, renewing, and validating security tokens.

com.soa.console.policy.security.common.wst10.description

The "Specify WS-Trust 1.0 Options" screen is used to configure a set of properties supported by WS-Trust 1.0 when the Trust10 assertion is part of the Endpoint Policy Subject.WS-Trust provides support for enabling applications to construct trusted SOAP message exchanges. The properties supported for the Trust10 assertion relate to interactions with a Security Token Service and provide a method of issuing, renewing, and validating security tokens.

com.soa.console.policy.security.common.wst10.heading

Specify WS-Trust 1.0 Options

com.soa.console.policy.security.common.wst10.intro

Select a WS-Trust option and configure the property settings for the current policy. After completing your entries, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.common.wst10.options

WS-Trust 1.0 Options

com.soa.console.policy.security.common.wst13.config.desc

"Specify WS-Trust 1.3 Options" is used to configure a set of properties supported by WS-Trust 1.3 when the Trust13 assertion is part of the Endpoint Policy Subject. WS-Trust provides support for enabling applications to construct trusted SOAP message exchanges. The properties supported for the Trust13 assertion relate to interactions with a Security Token Service and provide a method of issuing, renewing, and validating security tokens.

com.soa.console.policy.security.common.wst13.description

The "Specify WS-Trust 1.3 Options" screen is used to configure a set of properties supported by WS-Trust 1.3 when the Trust13 assertion is part of the Endpoint Policy Subject.WS-Trust provides support for enabling applications to construct trusted SOAP message exchanges. The properties supported for the Trust13 assertion relate to interactions with a Security Token Service and provide a method of issuing, renewing, and validating security tokens.

com.soa.console.policy.security.common.wst13.heading

Specify WS-Trust 1.3 Options

com.soa.console.policy.security.common.wst13.intro

Select a WS-Trust option and configure the property settings for the current policy. After completing your entries, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.common.wst13.options

WS-Trust 1.3 Options

com.soa.console.policy.security.content.not.defined

Policy content not defined.

com.soa.console.policy.security.error.get

Error getting details for Security policy: {0}

com.soa.console.policy.security.error.modify

Error in modifying Security policy: {0}

com.soa.console.policy.security.label.canonicalization.Exclusive

Exclusive

com.soa.console.policy.security.label.canonicalization.Inclusive

Inclusive

com.soa.console.policy.security.label.derivedkeys.Both

Both

com.soa.console.policy.security.label.derivedkeys.None

None

com.soa.console.policy.security.label.derivedkeys.RequireDerivedKeys

Required

com.soa.console.policy.security.label.derivedkeys.RequireExplicitDerivedKeys

Explicit

com.soa.console.policy.security.label.derivedkeys.RequireImpliedDerivedKeys

Implied

com.soa.console.policy.security.label.https.basic

HTTP Basic Authentication

com.soa.console.policy.security.label.https.clientcert

Require Client Certificate

com.soa.console.policy.security.label.https.digest

HTTP Digest Authentication

com.soa.console.policy.security.label.https.notspecified

Not Specified

com.soa.console.policy.security.label.https.requireHttp

Require HTTP Authentication

com.soa.console.policy.security.label.layout.Lax

Lax

com.soa.console.policy.security.label.layout.LaxTimestampFirst

Lax Timestamp First

com.soa.console.policy.security.label.layout.LaxTimestampLast

Lax Timestamp Last

com.soa.console.policy.security.label.layout.Strict

Strict

com.soa.console.policy.security.label.password.HashPassword

Hash Password

com.soa.console.policy.security.label.password.NoPassword

No Password

com.soa.console.policy.security.label.password.None

None

com.soa.console.policy.security.label.protection.false

Specify tokens for Encryption and Signature

com.soa.console.policy.security.label.protection.true

Use a Protection Token

com.soa.console.policy.security.label.tokeninclusion.-1

Not Specified

com.soa.console.policy.security.label.tokeninclusion.1

Never

com.soa.console.policy.security.label.tokeninclusion.2

Once

com.soa.console.policy.security.label.tokeninclusion.3

Always to Recipient

com.soa.console.policy.security.label.tokeninclusion.4

Always to Initiator

com.soa.console.policy.security.label.tokeninclusion.5

Always

com.soa.console.policy.security.label.tokentype.BinarySecurityToken

Binary Security

com.soa.console.policy.security.label.tokentype.IssuedToken

Issued

com.soa.console.policy.security.label.tokentype.KerberosToken

Kerberos

com.soa.console.policy.security.label.tokentype.SamlToken

SAML

com.soa.console.policy.security.label.tokentype.SecureConversationToken

Secure Conversation

com.soa.console.policy.security.label.tokentype.SpnegoContextToken

Spnego

com.soa.console.policy.security.label.tokentype.Unspecified

Not Specified

com.soa.console.policy.security.label.tokentype.UsernameToken

Username

com.soa.console.policy.security.label.tokentype.WssGssKerberosV5ApReqToken11

GSS Kerberos Version 5 AP-REQ

com.soa.console.policy.security.label.tokentype.WssKerberosV5ApReqToken11

Kerberos Version 5 AP-REQ

com.soa.console.policy.security.label.tokentype.WssSamlV10Token10

SAML 1.0 Token Profile 1.0

com.soa.console.policy.security.label.tokentype.WssSamlV10Token11

SAML 1.0 Token Profile 1.1

com.soa.console.policy.security.label.tokentype.WssSamlV11Token10

SAML 1.1 Token Profile 1.0

com.soa.console.policy.security.label.tokentype.WssSamlV11Token11

SAML 1.1 Token Profile 1.1

com.soa.console.policy.security.label.tokentype.WssSamlV20Token11

SAML 2.0 Token Profile 1.1

com.soa.console.policy.security.label.tokentype.WssUsernameToken10

UsernameToken Profile 1.0

com.soa.console.policy.security.label.tokentype.WssUsernameToken11

UsernameToken Profile 1.1

com.soa.console.policy.security.label.tokentype.WssX509Pkcs7Token10

X.509 PKCS7 Token Profile 1.0

com.soa.console.policy.security.label.tokentype.WssX509Pkcs7Token11

X.509 PKCS7 Token Profile 1.1

com.soa.console.policy.security.label.tokentype.WssX509PkiPathV1Token10

X.509 PKI Path v1 Token Profile 1.0

com.soa.console.policy.security.label.tokentype.WssX509PkiPathV1Token11

X.509 PKI Path v1 Token Profile 1.1

com.soa.console.policy.security.label.tokentype.WssX509V1Token10

X.509 v1 Token Profile 1.0

com.soa.console.policy.security.label.tokentype.WssX509V1Token11

X.509 v1 Token Profile 1.1

com.soa.console.policy.security.label.tokentype.WssX509V3Token10

X.509 v3 Token Profile 1.0

com.soa.console.policy.security.label.tokentype.WssX509V3Token11

X.509 v3 Token Profile 1.1

com.soa.console.policy.security.label.tokentype.X509Token

X.509

com.soa.console.policy.security.label.wssversion.1

1.1

com.soa.console.policy.security.label.wssversion.2

1.2

com.soa.console.policy.security.label.xpath.AbsXPath

Absolute Location Path

com.soa.console.policy.security.label.xpath.Absolute

Absolute Location Path

com.soa.console.policy.security.label.xpath.Unspecified

Not Specified

com.soa.console.policy.security.label.xpath.XPath10

1.0

com.soa.console.policy.security.label.xpath.XPath20

2.0

com.soa.console.policy.security.label.xpath.XPathFilter20

2.0

com.soa.console.policy.security.label.xpath.http://www.w3.org/2002/06/xmldsig-filter2

2.0

com.soa.console.policy.security.label.xpath.http://www.w3.org/TR/1999/REC-xpath-19991116

1.0

com.soa.console.policy.security.message.content.elements

Elements

com.soa.console.policy.security.message.content.headers

Headers

com.soa.console.policy.security.message.content.heading

WS-Security Message Policy Required Content Options

com.soa.console.policy.security.message.content.message

com.soa.console.policy.security.message.content.namespaces

Namespace Prefixes

com.soa.console.policy.security.message.content.requiredelements

Required Elements

com.soa.console.policy.security.message.content.requiredparts

Required Parts

com.soa.console.policy.security.message.content.title

Modify WS-Security Message Policy Required Content Options

com.soa.console.policy.security.message.content.view.title

View WS-Security Message Policy Required Content Options

com.soa.console.policy.security.message.encryption.elements

Elements

com.soa.console.policy.security.message.encryption.encryptelements

Encrypt Elements

com.soa.console.policy.security.message.encryption.encryptparts

Encrypt Parts

com.soa.console.policy.security.message.encryption.headers

Headers

com.soa.console.policy.security.message.encryption.heading

WS-Security Message Policy Encryption Options

com.soa.console.policy.security.message.encryption.includebody

Include Body

com.soa.console.policy.security.message.encryption.message

com.soa.console.policy.security.message.encryption.namespaces

Namespace Prefixes

com.soa.console.policy.security.message.encryption.title

Modify WS-Security Message Policy Encryption Options

com.soa.console.policy.security.message.encryption.view.title

View WS-Security Message Policy Encryption Options

com.soa.console.policy.security.message.error.choosebodyorheaders

Select either ''Include Body'' or specify at least one header to sign

com.soa.console.policy.security.message.error.chooseelements

Specify at least one element to sign

com.soa.console.policy.security.message.error.chooseheaders

Specify at least one header to sign

com.soa.console.policy.security.message.error.header

Invalid Header ''{0}'' - {1}

com.soa.console.policy.security.message.error.headerformat

Invalid Header ''{0}'' - The URI must be a valid URI format. The local part must be alphanumeric or the wildcard *.

com.soa.console.policy.security.message.error.invalidxpath

Invalid XPath ''{0}'' - {1}

com.soa.console.policy.security.message.error.namespaceformat

{0}

com.soa.console.policy.security.message.error.namespaces

Invalid Namespace ''{0}'' - {1}

com.soa.console.policy.security.message.helpid

515

com.soa.console.policy.security.message.none

None

com.soa.console.policy.security.message.options.heading

Message Policy Options

com.soa.console.policy.security.message.options.helpText1

Choose the version of the WS-Security Message specification that the policy will use; 1.1 or 1.2.

com.soa.console.policy.security.message.options.helpText2

On this page, specify the parts of the message that will be signed. By default, Sign Parts and Include Body are checked, but you can clear these boxes.Namespace: You can add one or more namespaces to be signed. The namespace must be a valid URI. If you need to modify a namespace, delete it and add another.Sign Elements: Check the box if you want to sign specific elements in the message, and then specify one or more elements in the form of an XPath expression. If you need to modify an element, delete it and add another.Namespace Prefixes: You can specify one or more namespace prefixes. Click Add and add a valid prefix, and then give the full URL of the namespace.

com.soa.console.policy.security.message.options.helpText3

On this page, specify the parts of the message that will be encrypted. By default, Encrypt Parts and Include Body are checked, but you can clear these boxes.Namespace: You can add one or more namespaces to be encrypted. The namespace must be a valid URI. If you need to modify a namespace, delete it and add another.Encrypt Elements: Check the box if you want to encrypt specific elements in the message, and then specify one or more elements in the form of an XPath Expression. If you need to modify an element, delete it and add another.Namespace Prefixes: You can specify one or more namespace prefixes. Click Add and add a valid prefix, and then give the full URL of the namespace.

com.soa.console.policy.security.message.options.helpText4

If you want to specify certain message elements that are required, add them on this page.Required Parts (WS-Security Policy 1.2 only): Check the box if you want to define one or more RequiredParts assertions, supported in the WS-Security Policy 1.2 specification. Click Add, and then define Namespace and Local Part.Required Elements: Check the box. You can then provide details about the elements that are required.XPath Expression: Click Add, and add an XPath expression defining a required element. You can add multiple XPath expressions.Namespace Prefixes: Specify one or more namespace prefixes that are required in the message. Click Add and add a valid prefix, and then the full URL of the namespace.

com.soa.console.policy.security.message.options.message

com.soa.console.policy.security.message.options.title

Modify WS-Security Message Policy Options

com.soa.console.policy.security.message.options.todelete

To change the WS-SecurityPolicy version, delete all 'Required Parts' defined in 'Required Content'

com.soa.console.policy.security.message.options.version

WS-SecurityPolicy Version

com.soa.console.policy.security.message.options.view.title

View WS-Security Message Policy Options

com.soa.console.policy.security.message.signature.elements

Elements

com.soa.console.policy.security.message.signature.headers

Headers

com.soa.console.policy.security.message.signature.heading

WS-Security Message Policy Signature Options

com.soa.console.policy.security.message.signature.includebody

Include Body

com.soa.console.policy.security.message.signature.message

com.soa.console.policy.security.message.signature.namespaces

Namespace Prefixes

com.soa.console.policy.security.message.signature.signelements

Sign Elements

com.soa.console.policy.security.message.signature.signparts

Sign Parts

com.soa.console.policy.security.message.signature.title

Modify WS-Security Message Policy Signature Options

com.soa.console.policy.security.message.signature.view.title

View WS-Security Message Policy Signature Options

com.soa.console.policy.security.message.title

WS-Security Message Policy

com.soa.console.policy.security.modify.label

Modify

com.soa.console.policy.security.modify.title

Modify Security Policy

com.soa.console.policy.security.supporting.delete.delete

Token to Delete

com.soa.console.policy.security.supporting.delete.description

The "Delete Supporting Token Confirmation" screen provides summary information for the Supporting Token deleted using the "Delete Token" function on the "Specify Supporting Token Options" screen.Review the summary information and click "Next" to continue Supporting Token configuration activities.

com.soa.console.policy.security.supporting.delete.heading

Delete Supporting Token Confirmation

com.soa.console.policy.security.supporting.helpid

294

com.soa.console.policy.security.supporting.modify.helpid

295

com.soa.console.policy.security.supporting.title

WS-Security Supporting Tokens Policy

com.soa.console.policy.security.supporting.wizard.title

Modify WS-Security Supporting Tokens Policy Wizard

com.soa.console.policy.security.supporting.wizard.view.title

View WS-Security Supporting Tokens Policy Wizard

com.soa.console.policy.security.supporting.wizard1.config.desc

"Specify Supporting Tokens Options" allows you to configure the following options: WS-SecurityPolicy version, Message Binding Options, and Tokens. Supporting tokens are additional tokens that can be specified to augment claims provided by the token associated with the "message signature" provided by the Security Binding.WS-SecurityPolicy versions 1.1 and 1.2 are currently supported. Message Binding Options include Signed, Endorsing, and Encrypted. These options can be used in different combinations as illustrated in the Supporting Tokens section of the WS-SecurityPolicy specification. Selecting one option separately implements the singular version of the option. The "Tokens" section is used to define methods by which supporting tokens may be bound to a message and to configure "Token Choice" groups. A "Token Choice" group allows you to define a range of different token types required by different clients that are accessing a web service. A token choice can include one or multiple tokens. Select "Add Token Choice" to initialize a Token Group and then "Add" to create a new token. To modify an existing token select a token row and click "Modify" or double-click the token row.

com.soa.console.policy.security.supporting.wizard1.description

The "Specify Supporting Tokens Options" screen allows you to configure the following options: WS-SecurityPolicy version, Message Binding Options, and Tokens. Supporting tokens are additional tokens that can be specified to augment claims provided by the token associated with the "message signature" provided by the Security Binding.WS-SecurityPolicy versions 1.1 and 1.2 are currently supported.Message Binding Options include Signed, Endorsing, and Encrypted. These options can be used in different combinations as illustrated in the Supporting Tokens section of the WS-SecurityPolicy specification. Selecting one option separately implements the singular version of the option.The "Tokens" section is used to define methods by which supporting tokens may be bound to a message and to configure "Token Choice" groups. A "Token Choice" group allows you to define a range of different token types required by different clients that are accessing a web service. A token choice can include one or multiple tokens. Select "Add Token Choice" to initialize a Token Group and then "Add" to create a new token. To modify an existing token select a token row and click "Modify" or double-click the token row.

com.soa.console.policy.security.supporting.wizard1.encrypted

Encrypted

com.soa.console.policy.security.supporting.wizard1.encrypted.info

This option includes encrypted supporting tokens in the security header. They can be added to any SOAP message and do not require the "message signature" being present before the encrypted supporting tokens are added.

com.soa.console.policy.security.supporting.wizard1.endorsing

Endorsing

com.soa.console.policy.security.supporting.wizard1.endorsing.info

This option signs the entire ds:Signature element produced from the message signature and may optionally include additional message parts to sign and/or encrypt.

com.soa.console.policy.security.supporting.wizard1.heading

Specify Supporting Tokens Options

com.soa.console.policy.security.supporting.wizard1.nextstep

Next Step

com.soa.console.policy.security.supporting.wizard1.options

WS-Security Supporting Tokens Policy Options

com.soa.console.policy.security.supporting.wizard1.signed

Signed

com.soa.console.policy.security.supporting.wizard1.signed.info

This option includes signed tokens in the "message signature" and may optionally include additional message parts to sign and/or encrypt.

com.soa.console.policy.security.supporting.wizard1.tokens

Tokens

com.soa.console.policy.security.supporting.wizard1.version

WS-SecurityPolicy Version

com.soa.console.policy.security.supporting.wizard2.config.desc.add

"Add Supporting Token" provides options for adding supporting tokens that may be referenced by a Security Binding. A token is initialized by selecting a "Token Type." Supported Token Types include X.509, Binary Security, SAML, Kerberos, Username, Issued, and Secure Conversation. After you configure your token options, click "Next" and a token configuration page for the selected token type will display.The "Token Inclusion" option allows you to specify an IncludeToken attribute in the message. Supported options include Always, and Never. If "Always" is specified the token is included in all messages. If "Never" is specified, an external reference mechanism is used to refer to the key represented by the token. If "Not Specified" is selected, this option is not specified in the policy. The "Subject Category" option allows you to assign a category name to the token definition. Predefined categories include Consumer, Service, and End-User. The "User-Defined" option allows you to specify a custom category name.

com.soa.console.policy.security.supporting.wizard2.description.add

The "Add Supporting Token" screen provides options for adding supporting tokens that may be referenced by a Security Binding.A token is initialized by selecting a "Token Type." Supported Token Types include X.509, Binary Security, SAML, Kerberos, Username, Issued, and Secure Conversation. After you configure your token options, click "Next" and a token configuration page for the selected token type will display.The "Token Inclusion" option allows you to specify an IncludeToken attribute in the message. Supported options include Always, and Never. If "Always" is specified the token is included in all messages. If "Never" is specified, an external reference mechanism is used to refer to the key represented by the token. If "Not Specified" is selected, this option is not specified in the policy.The "Subject Category" option allows you to assign a category name to the token definition. Predefined categories include Consumer, Service, and End-User. The "User-Defined" option allows you to specify a custom category name.

com.soa.console.policy.security.supporting.wizard2.description.modify

The "Modify Supporting Token" screen provides options for modifying supporting tokens that may be referenced by a Security Binding.A token is initialized by selecting a "Token Type." Supported Token Types include X.509, Binary Security, SAML, Kerberos, Username, Issued, and Secure Conversation. After you configure your token options, click "Next" and a token configuration page for the selected token type will display.The "Token Inclusion" option allows you to specify an IncludeToken attribute in the message. Supported options include Always, and Never. If "Always" is specified the token is included in all messages. If "Never" is specified, an external reference mechanism is used to refer to the key represented by the token. If "Not Specified" is selected, this option is not specified in the policy.The "Subject Category" option allows you to assign a category name to the token definition. Predefined categories include Consumer, Service, and End-User. The "User-Defined" option allows you to specify a custom category name.

com.soa.console.policy.security.supporting.wizard2.heading.add

Add Supporting Token

com.soa.console.policy.security.supporting.wizard2.heading.modify

Modify Supporting Token

com.soa.console.policy.security.supporting.wizard2.inclusion

Token Inclusion

com.soa.console.policy.security.supporting.wizard2.info

Select the Token Type, Token Inclusion, and Subject Category options. After completing your entries, click "Next" to continue.

com.soa.console.policy.security.supporting.wizard2.presence

Presence

com.soa.console.policy.security.supporting.wizard2.subject

Subject Category

com.soa.console.policy.security.supporting.wizard2.token

Supporting Token

com.soa.console.policy.security.supporting.wizard2.type

Token Type

com.soa.console.policy.security.supporting.wizard3.allowed

Allowed Tokens

com.soa.console.policy.security.supporting.wizard3.description

You have successfully completed the "Modify WS-Security Supporting Tokens Policy Wizard." Review the summary information for policy configuration details.To exit this wizard, click "Close."

com.soa.console.policy.security.supporting.wizard3.heading

Completion Summary

com.soa.console.policy.security.supporting.wizard3.summary

Summary

com.soa.console.policy.security.sym.error.tokennotdefined

If switching between Protection and specific Encryption and Signature tokens, the tokens must be defined before "Finish" can be clicked.

com.soa.console.policy.security.sym.error.versionchanged

If switching between WS-Security Policy Versions, the tokens must be updated before "Finish" can be clicked.

com.soa.console.policy.security.sym.helpid

308

com.soa.console.policy.security.sym.modify.helpid

309

com.soa.console.policy.security.sym.title

WS-Security Symmetric Binding Policy

com.soa.console.policy.security.sym.wizard.title

Modify WS-Security Symmetric Binding Policy Wizard

com.soa.console.policy.security.sym.wizard.view.title

View WS-Security Symmetric Binding Policy Wizard

com.soa.console.policy.security.sym.wizard1.config.desc

"Specify Symmetric Binding Options" is used to configure options for the WS-Security Symmetric Binding Policy. Required options include selecting the "WS-SecurityPolicy" and "Security Header Layout." WS-SecurityPolicy versions 1.1 and 1.2 are currently supported.The Security Header Layout includes a set of optional properties that are common to security bindings. These properties define rules for controlling the ordering layout when items are added to the Security Header. For properties that are enabled, assertions will set the value of a property. When the value appears in a policy, the property is set to the value indicated by the assertion.The "Token Properties" section allows you to select binding specific token properties for message protection. The "Use a Protection Token" option is configured on the "Specify Protection Token" screen. The "Specify tokens for Encryption and Signature" option is configured on the "Specify Encryption Token" and "Specify Signature Token" screens.

com.soa.console.policy.security.sym.wizard1.description

The "Specify Symmetric Binding Options" screen is used to configure options for the WS-Security Symmetric Binding Policy. Required options include selecting the "WS-SecurityPolicy" and "Security Header Layout."WS-SecurityPolicy versions 1.1 and 1.2 are currently supported.The Security Header Layout includes a set of optional properties that are common to security bindings. These properties define rules for controlling the ordering layout when items are added to the Security Header. For properties that are enabled, assertions will set the value of a property. When the value appears in a policy, the property is set to the value indicated by the assertion.The "Token Properties" section allows you to select binding specific token properties for message protection. The "Use a Protection Token" option is configured on the "Specify Protection Token" screen. The "Specify tokens for Encryption and Signature" option is configured on the "Specify Encryption Token" and "Specify Signature Token" screens.For detailed information on each option, click "Help."

com.soa.console.policy.security.sym.wizard1.encryptbefore

Encrypt Before Signing

com.soa.console.policy.security.sym.wizard1.encryptsignature

Encrypt Signature

com.soa.console.policy.security.sym.wizard1.heading

Specify Symmetric Binding Options

com.soa.console.policy.security.sym.wizard1.intro

Select the WS-SecurityPolicy version, Security Header Layout plus applicable options, and Token Property. After completing your entries, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.sym.wizard1.layout

Security Header Layout

com.soa.console.policy.security.sym.wizard1.options

Symmetric Binding Options

com.soa.console.policy.security.sym.wizard1.protecttokens

Protect Tokens

com.soa.console.policy.security.sym.wizard1.protecttokens.info

This option implements the WS-SecurityPolicy "Protection Token" element. (/sp:SymmetricBinding/wsp:Policy/sp:ProtectionToken)

com.soa.console.policy.security.sym.wizard1.signentire

Only Sign Entire Headers and Body

com.soa.console.policy.security.sym.wizard1.signentire.info

This option implements the WS-SecurityPolicy "Encryption Token" and "Signature Token" elements. (/sp:SymmetricBinding/wsp:Policy/sp:EncryptionToken) (/sp:SymmetricBinding/wsp:Policy/sp:SignatureToken)

com.soa.console.policy.security.sym.wizard1.timestamp

Include Timestamp

com.soa.console.policy.security.sym.wizard1.tokenproperties

Token Properties

com.soa.console.policy.security.sym.wizard1.version

WS-SecurityPolicy Version

com.soa.console.policy.security.sym.wizard2.config.desc

"Specify Signature Token" provides options for defining the symmetric binding token properties. This option implements the WS-SecurityPolicy "Signature Token" element (/sp:SymmetricBinding/wsp:Policy/sp:SignatureToken).A token is initialized by selecting a "Token Type." Supported Token Types include X.509, Binary Security, SAML, Kerberos, Username, Issued, and Secure Conversation. After you configure your token options, click "Next" and a token configuration page for the selected token type will display. The "Token Inclusion" option allows you to specify an IncludeToken attribute in the message. Supported options include Always, Always to recipient, and Never. If "Always" is specified the token is included in all messages. If "Always to recipient" is specified, the token is included in all messages sent from initiator to recipient, and not included in messages sent from the recipient to the initiator. If "Never" is specified, an external reference mechanism is used to refer to the key represented by the token. If "Not Specified" is selected, this option is not specified in the policy. The "Subject Category" option allows you to assign a category name to the token definition. Predefined categories include Consumer, Service, and End-User. The "User-Defined" option allows you to specify a custom category name.

com.soa.console.policy.security.sym.wizard2.description

The "Specify Signature Token" screen provides options for defining the symmetric binding token properties. This option implements the WS-SecurityPolicy "Signature Token" element (/sp:SymmetricBinding/wsp:Policy/sp:SignatureToken).A token is initialized by selecting a "Token Type." Supported Token Types include X.509, Binary Security, SAML, Kerberos, Username, Issued, and Secure Conversation. After you configure your token options, click "Next" and a token configuration page for the selected token type will display.The "Token Inclusion" option allows you to specify an IncludeToken attribute in the message. Supported options include Always, Always to recipient, and Never. If "Always" is specified the token is included in all messages. If "Always to recipient" is specified, the token is included in all messages sent from initiator to recipient, and not included in messages sent from the recipient to the initiator. If "Never" is specified, an external reference mechanism is used to refer to the key represented by the token. If "Not Specified" is selected, this option is not specified in the policy.The "Subject Category" option allows you to assign a category name to the token definition. Predefined categories include Consumer, Service, and End-User. The "User-Defined" option allows you to specify a custom category name.

com.soa.console.policy.security.sym.wizard2.encryption

Also use for encryption

com.soa.console.policy.security.sym.wizard2.heading

Specify Signature Token

com.soa.console.policy.security.sym.wizard2.inclusion

Token Inclusion

com.soa.console.policy.security.sym.wizard2.intro

Select the Token Type, Token Inclusion, and Subject Category options. After completing your entries, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.sym.wizard2.subject

Subject Category

com.soa.console.policy.security.sym.wizard2.token

Signature Token

com.soa.console.policy.security.sym.wizard2.type

Token Type

com.soa.console.policy.security.sym.wizard3.description

The "Specify Encryption Token" screen provides options for defining the symmetric binding token properties. This option implements the WS-SecurityPolicy "Encryption Token" element (/sp:SymmetricBinding/wsp:Policy/sp:EncryptionToken).A token is initialized by selecting a "Token Type." Supported Token Types include X.509, Binary Security, SAML, Kerberos, Username, Issued, and Secure Conversation. After you configure your token options, click "Next" and a token configuration page for the selected token type will display.The "Token Inclusion" option allows you to specify an IncludeToken attribute in the message. Supported options include Always, Always to recipient, and Never. If "Always" is specified the token is included in all messages. If "Always to initiator" is specified, the token is included in all messages sent from the recipient to the initiator, and not included in messages sent from the initiator to the recipient. If "Never" is specified, an external reference mechanism is used to refer to the key represented by the token. If "Not Specified" is selected, this option is not specified in the policy.The "Subject Category" option allows you to assign a category name to the token definition. Predefined categories include Consumer, Service, and End-User. The "User-Defined" option allows you to specify a custom category name.

com.soa.console.policy.security.sym.wizard3.heading

Specify Encryption Token

com.soa.console.policy.security.sym.wizard3.inclusion

Token Inclusion

com.soa.console.policy.security.sym.wizard3.intro

Select the Token Type, Token Inclusion, and Subject Category options. After completing your entries, click "Next" to continue.

com.soa.console.policy.security.sym.wizard3.subject

Subject Category

com.soa.console.policy.security.sym.wizard3.token

Encryption Token

com.soa.console.policy.security.sym.wizard3.type

Token Type

com.soa.console.policy.security.sym.wizard4.description

You have successfully completed the "Modify WS-Security Symmetric Binding Policy Wizard." Review the summary information for policy configuration details.To exit this wizard, click "Close."

com.soa.console.policy.security.sym.wizard4.heading

Completion Summary

com.soa.console.policy.security.sym.wizard4.summary

Summary

com.soa.console.policy.security.sym.wizard5.config.desc

"Specify Protection Token" provides options for defining a protection token. A protection token populates both Encryption and Signature token properties and is used for the message signature and for encryption. This option is initialized when you select "Use a Protection Token" option on the "Specify Symmetric Binding Options" screen. A token is initialized by selecting a "Token Type." Supported Token Types include X.509, Binary Security Token, SAML, Kerberos, Username, Issued Token, and Secure Conversation. The "Token Inclusion" option allows you to specify an IncludeToken attribute in the message. Supported options include Always, and Never. If "Always" is specified the token is included in all messages. If "Always to Recipient" is specified, the token is included in all messages sent from initiator to recipient, and not included in messages sent from the recipient to the initiator. If "Never" is specified, an external reference mechanism is used to refer to the key represented by the token. If "Not specified" is selected, this option is not specified in the policy.The "Subject Category" option allows you to assign a category name to the token definition. Predefined categories include Consumer, Service, and End-User. The "User-Defined" option allows you to specify a custom category name.

com.soa.console.policy.security.sym.wizard5.description

The "Specify Protection Token" screen provides options for defining a protection token. A protection token populates both Encryption and Signature token properties and is used for the message signature and for encryption. This option is initialized when you select "Use a Protection Token" option on the "Specify Symmetric Binding Options" screen.A token is initialized by selecting a "Token Type." Supported Token Types include X.509, Binary Security Token, SAML, Kerberos, Username, Issued Token, and Secure Conversation. After you configure your token options, click "Next" and a token configuration page for the selected token type will display.The "Token Inclusion" option allows you to specify an IncludeToken attribute in the message. Supported options include Always, and Never. If "Always" is specified the token is included in all messages. If "Always to Recipient" is specified, the token is included in all messages sent from initiator to recipient, and not included in messages sent from the recipient to the initiator. If "Never" is specified, an external reference mechanism is used to refer to the key represented by the token. If "Not specified" is selected, this option is not specified in the policy.The "Subject Category" option allows you to assign a category name to the token definition. Predefined categories include Consumer, Service, and End-User. The "User-Defined" option allows you to specify a custom category name.

com.soa.console.policy.security.sym.wizard5.heading

Specify Protection Token

com.soa.console.policy.security.sym.wizard5.inclusion

Token Inclusion

com.soa.console.policy.security.sym.wizard5.intro

Select the Token Type, Token Inclusion, and Subject Category options. After completing your entries, click "Next" to continue.

com.soa.console.policy.security.sym.wizard5.subject

Subject Category

com.soa.console.policy.security.sym.wizard5.token

Protection Token

com.soa.console.policy.security.sym.wizard5.type

Token Type

com.soa.console.policy.security.title

Security Policy

com.soa.console.policy.security.token.binary.config.desc

"Specify Binary Security Token Options" provides options for configuring a Binary Security Token Assertion Type. This token type encoding is defined by configuring the @ValueType and @EncodingType attributes of the <wsse:BinarySecurityToken> element. The ValueType attribute allows a URI that defines the value type and space of the encoded binary data. The EncodingType attribute tells how the security token is encoded. The default value is "Base64Binary" and is currently the only value supported by WSS SOAP Message Security. The "Binary Security Token Type" represents the URI of the @ValueType attribute of the <wsse:BinarySecurityToken> element. This option assumes a @EncodingType value of "Base64Binary" and therefore only the @ValueType attribute should be specified.

com.soa.console.policy.security.token.binary.description

The "Specify Binary Security Token Options" screen provides options for configuring a Binary Security Token Assertion Type. This token type encoding is defined by configuring the @ValueType and @EncodingType attributes of the <wsse:BinarySecurityToken> element. The ValueType attribute allows a URI that defines the value type and space of the encoded binary data. The EncodingType attribute tells how the security token is encoded. The default value is "Base64Binary" and is currently the only value supported by WSS SOAP Message Security.The "Binary Security Token Type" represents the URI of the @ValueType attribute of the <wsse:BinarySecurityToken> element. This option assumes a @EncodingType value of "Base64Binary" and therefore only the @ValueType attribute should be specified.

com.soa.console.policy.security.token.binary.heading

Specify Binary Security Token Options

com.soa.console.policy.security.token.binary.info

Enter the Binary Security Token Type to configure the supporting token. After completing your entries, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.token.binary.options

Binary Security Token Options

com.soa.console.policy.security.token.binary.type

Binary Security Token Type

com.soa.console.policy.security.token.common.issuer

Issuer

com.soa.console.policy.security.token.common.issuer.addr

Issuer Endpoint

com.soa.console.policy.security.token.common.issuer.name

Issuer Name

com.soa.console.policy.security.token.common.keys

Derived Keys

com.soa.console.policy.security.token.common.keys.info

A <stong>Derived Key is a key management scheme in which for every transaction, a unique key is used which is derived from a fixed key. Note that WS-Security Policy Version 1.1 and 1.2 support different Derived Key options.

com.soa.console.policy.security.token.common.keys.info.tooltip

A Derived Key is a key management scheme in which for every transaction, a unique key is used which is derived from a fixed key. Note that WS-Security Policy Version 1.1 and 1.2 support different Derived Key options.

com.soa.console.policy.security.token.common.version

Version

com.soa.console.policy.security.token.conversation.amend

Do Not Support Amend

com.soa.console.policy.security.token.conversation.amend.info

Selection indicates that the SecureConversation Amend Binding feature is not supported.

com.soa.console.policy.security.token.conversation.bootstrap

Bootstrap Policy

com.soa.console.policy.security.token.conversation.cancel

Do Not Support Cancel

com.soa.console.policy.security.token.conversation.cancel.info

Selection indicates that the WS-Trust Cancel Binding feature is not supported.

com.soa.console.policy.security.token.conversation.config.desc

"Specify Secure Conversation Token Options" provides options for configuring a Secure Conversation Token Assertion Type. Secure Conversation is a feature designed to improve the performance of an application that needs to interchange more than one message with a service. When enabled, the token negotiation and authentication happens once compared to other tokens where that negotiation is done for each request to the service. In the first negotiation, the client sends a "RequestSecurityToken" message to the service in order to ask for a session token. After that, the service creates a new token called Security Context Token (SCT), which contains a reference to the original token and a symmetric key to perform cryptographic operations like encrypt or sign messages.

com.soa.console.policy.security.token.conversation.contexttoken

Use Security Context Token

com.soa.console.policy.security.token.conversation.contexttoken.info

Selection indicates that references to Security Context Tokens (SCT) in messages must use an external URI.

com.soa.console.policy.security.token.conversation.description1

The "Specify Secure Conversation Token Options" screen provides options for configuring a Secure Conversation Token Assertion Type. Secure Conversation is a feature designed to improve the performance of an application that needs to interchange more than one message with a service. When enabled, the token negotiation and authentication happens once compared to other tokens where that negotiation is done for each request to the service. In the first negotiation, the client sends a "RequestSecurityToken" message to the service in order to ask for a session token. After that, the service creates a new token called Security Context Token (SCT), which contains a reference to the original token and a symmetric key to perform cryptographic operations like encrypt or sign messages.

com.soa.console.policy.security.token.conversation.description2

The "Issuer" represents the authority in a network (e.g., Certificate of Authority), that issues and manages security credentials and public keys for message encryption.

com.soa.console.policy.security.token.conversation.description3

A "Derived Key" is a key management scheme in which for every transaction, a unique key is used which is derived from a fixed key. Note that WS-Security Policy Version 1.1 and 1.2 support different "Derived Key" options.

com.soa.console.policy.security.token.conversation.description4

Additional security token options can also be configured.

com.soa.console.policy.security.token.conversation.externaluri

Require External URI Reference

com.soa.console.policy.security.token.conversation.externaluri.info

Selection indicates that the URI used by a Security Context Token (SCT) will be externally referenced.

com.soa.console.policy.security.token.conversation.heading

Specify Secure Conversation Token Options

com.soa.console.policy.security.token.conversation.info

Select Issuer, Derived Key, and Security Token options to configure the supporting token. After completing your entries, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.token.conversation.options

Secure Conversation Token Options

com.soa.console.policy.security.token.conversation.renew

Do Not Support Renew

com.soa.console.policy.security.token.conversation.renew.info

Selection indicates that the WS-Trust Renewal Binding feature is not supported.

com.soa.console.policy.security.token.issued.address

Address

com.soa.console.policy.security.token.issued.config.desc

"Specify Issued Token Options" provides options for configuring an Issued Token Assertion Type. This token type is issued by a Certificate of Authority (i.e., Issuer) using the mechanisms defined in WS-Trust. It is used primarily in third party scenarios. For example, the initiator may need to request a SAML token from a given token issuer in order to secure messages sent to the recipient. The "Issuer" represents the URI of the authority in a network (e.g., Certificate of Authority), that issues and manages security credentials and public keys for message encryption. A "Derived Key" is a key management scheme in which for every transaction, a unique key is used which is derived from a fixed key. Note that WS-Security Policy Version 1.1 and 1.2 support different "Derived Key" options. Required "External" and "Internal" Reference options can also be configured.

com.soa.console.policy.security.token.issued.description

The "Specify Issued Token Options" screen provides options for configuring an Issued Token Assertion Type. This token type is issued by a Certificate of Authority (i.e., Issuer) using the mechanisms defined in WS-Trust. It is used primarily in third party scenarios. For example, the initiator may need to request a SAML token from a given token issuer in order to secure messages sent to the recipient.The "Issuer" represents the URI of the authority in a network (e.g., Certificate of Authority), that issues and manages security credentials and public keys for message encryption.A "Derived Key" is a key management scheme in which for every transaction, a unique key is used which is derived from a fixed key. Note that WS-Security Policy Version 1.1 and 1.2 support different "Derived Key" options. Required "External" and "Internal" Reference options can also be configured.

com.soa.console.policy.security.token.issued.external

Require External Reference

com.soa.console.policy.security.token.issued.external.info

Indicates whether an external reference is required when referencing this token. This reference will be supplied by the issuer of the token.

com.soa.console.policy.security.token.issued.heading

Specify Issued Token Options

com.soa.console.policy.security.token.issued.info

Select Issuer, Derived Key, and Reference options to configure the supporting token. After completing your entries, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.token.issued.internal

Require Internal Reference

com.soa.console.policy.security.token.issued.internal.info

Indicates whether an internal reference is required when referencing this token. This reference will be supplied by the issuer of the token.

com.soa.console.policy.security.token.issued.name

Name

com.soa.console.policy.security.token.issued.options

Issued Token Options

com.soa.console.policy.security.token.kerberos.config.desc

"Specify Kerberos Token Options" provides options for configuring a Kerberos Token Assertion Type. Kerberos is an authentication service that allows users and services to demonstrate their identity to each other using a "shared secret" which is known by the user and service, and is used as an encryption key. Random keys (i.e., tickets) can them be attached to SOAP messages in accordance with the WSS SOAP Message Security which uses and references the Kerberos tokens. The "Version" represents the Kerberos token types that can be configured. Supported versions include Kerberos Version 5 AP-REQ and GSS Kerberos Version 5 AP-REQ. The "Issuer" represents the authority in a network (e.g., Certificate of Authority), that issues and manages security credentials and public keys for message encryption. The "Require Key Identifier Reference" allows the <wss:SecurityTokenReference> to reference the <wsse:KeyIdentifier> element.A "Derived Key" is a key management scheme in which for every transaction, a unique key is used which is derived from a fixed key. Note that WS-Security Policy Version 1.1 and 1.2 support different "Derived Key" options.

com.soa.console.policy.security.token.kerberos.description

The "Specify Kerberos Token Options" screen provides options for configuring a Kerberos Token Assertion Type. Kerberos is an authentication service that allows users and services to demonstrate their identity to each other using a "shared secret" which is known by the user and service, and is used as an encryption key. Random keys (i.e., tickets) can them be attached to SOAP messages in accordance with the WSS SOAP Message Security which uses and references the Kerberos tokens.The "Version" represents the Kerberos token types that can be configured. Supported versions include Kerberos Version 5 AP-REQ and GSS Kerberos Version 5 AP-REQ.The "Issuer" represents the authority in a network (e.g., Certificate of Authority), that issues and manages security credentials and public keys for message encryption.The "Require Key Identifier Reference" allows the <wss:SecurityTokenReference> to reference the <wsse:KeyIdentifier> element.A "Derived Key" is a key management scheme in which for every transaction, a unique key is used which is derived from a fixed key. Note that WS-Security Policy Version 1.1 and 1.2 support different "Derived Key" options.

com.soa.console.policy.security.token.kerberos.heading

Specify Kerberos Token Options

com.soa.console.policy.security.token.kerberos.info

Select a Version, Issuer, Required Key Identifier Reference, and Derived Key to configure the supporting token. After completing your entries, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.token.kerberos.keyidentifier

Required Key Identifier Reference

com.soa.console.policy.security.token.kerberos.options

Kerberos Token Options

com.soa.console.policy.security.token.saml.config.desc

"Specify SAML Token Options" provides options for configuring a SAML Token Assertion Type. SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) standard that allows a user to log on once for affiliated but separate websites. In accordance with WSS SOAP Message Security, SAML assertions can be used as security tokens from the <wsse:Security> header and with an XML signature to bind the subjects and statements of the assertions (i.e., claims) to a SOAP message. The "Version" represents the SAML token types that can be configured. Supported versions include SAML 1.0 Token Profile 1.1, SAML 1.1 Token Profile 1.0, SAML 1.0 Token Profile 1.1, SAML 1.1 Token Profile 1.1, and SAML 2.0 Token Profile 1.1.The "Issuer" represents the URI of the authority in a network (e.g., Certificate of Authority), that issues and manages security credentials and public keys for message encryption. A "Derived Key" is a key management scheme in which for every transaction, a unique key is used which is derived from a fixed key. Note that WS-Security Policy Version 1.1 and 1.2 support different "Derived Key" options.

com.soa.console.policy.security.token.saml.description

The "Specify SAML Token Options" screen provides options for configuring a SAML Token Assertion Type. SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) standard that allows a user to log on once for affiliated but separate websites. In accordance with WSS SOAP Message Security, SAML assertions can be used as security tokens from the <wsse:Security> header and with an XML signature to bind the subjects and statements of the assertions (i.e., claims) to a SOAP message.The "Version" represents the SAML token types that can be configured. Supported versions include SAML 1.0 Token Profile 1.1, SAML 1.1 Token Profile 1.0, SAML 1.0 Token Profile 1.1, SAML 1.1 Token Profile 1.1, and SAML 2.0 Token Profile 1.1.The "Issuer" represents the URI of the authority in a network (e.g., Certificate of Authority), that issues and manages security credentials and public keys for message encryption.A "Derived Key" is a key management scheme in which for every transaction, a unique key is used which is derived from a fixed key. Note that WS-Security Policy Version 1.1 and 1.2 support different "Derived Key" options.

com.soa.console.policy.security.token.saml.heading

Specify SAML Token Options

com.soa.console.policy.security.token.saml.info

Select a Version, Issuer, and Derived Key to configure the supporting token. After completing your entries, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.token.saml.options

SAML Token Options

com.soa.console.policy.security.token.saml.requireClaims

Require Claims

com.soa.console.policy.security.token.spnego.config.desc

"Specify Spnego Context Token Options" provides options for configuring an Spnego Context Token Assertion Type.

com.soa.console.policy.security.token.spnego.description

The "Specify Spnego Context Token Options" screen provides options for configuring an Spnego Context Token Assertion Type.

com.soa.console.policy.security.token.spnego.heading

Specify Spnego Context Token Options

com.soa.console.policy.security.token.spnego.info

Select Issuer to configure the supporting token. After completing your entry, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.token.spnego.options

Spnego Context Token Options

com.soa.console.policy.security.token.username.description

The "Specify Username Token Options" screen provides options for configuring a Username Token Assertion Type. This token type provides a WSS SOAP Message Security method that can utilize a username via the <wss:UsernameToken> element. An optional password can also be specified within the <wss:UsernameToken> element by specifying a <wsse:Password> element.The "Version" represents the X.509 token types that can be configured. The "Issuer" represents the authority in a network (e.g., Certificate of Authority), that issues and manages security credentials and public keys for message encryption.The "Issuer" represents the URI of the authority in a network (e.g., Certificate of Authority), that issues and manages security credentials and public keys for message encryption. This option is supported for WS-SecurityPolicy 1.2 only.A "Derived Key" is a key management scheme in which for every transaction, a unique key is used which is derived from a fixed key. Note that WS-Security Policy Version 1.1 and 1.2 support different "Derived Key" options.The "Password Options" provides a list of supported password elements. NoPassword is a policy assertion that indicates that the wsse:Password element must not be present in he Username token. HashPassword indicates that the wsse:Password element must be present in the Username token and that the content of the wsse:Password element must contain a hash of the timestamp, nonce and password as defined in the Username Token Profile. This option is supported for WS-SecurityPolicy 1.2 only.

com.soa.console.policy.security.token.username.heading

Specify Username Token Options

com.soa.console.policy.security.token.username.info.1

Select a Version and Derived Key to configure the supporting token. After completing your entries, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.token.username.info.2

Select a Version, Issuer, Derived Key, and Password Option to configure the supporting token. After completing your entries, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.token.username.options

Username Token Options

com.soa.console.policy.security.token.username.password

Password Options

com.soa.console.policy.security.token.x509.config.desc

"Specify X.509 Token Options" provides options for configuring an X.509 Token Assertion Type. An X.509 certificate specifies a binding between a public key and a set of attributes that includes (at least) a subject name, issuer name, serial number and validity interval. An X.509 certificate may be used to validate a public key that may be used to authenticate a SOAP message or to identify the public key with SOAP message that has been encrypted. The "Version" represents the X.509 token types that can be configured. The "Issuer" represents the URI of the authority in a network (e.g., Certificate of Authority), that issues and manages security credentials and public keys for message encryption. A "Token Reference" is used to ensure a consistent processing model across all the token types supported by WSS: SOAP Message Security. The <wsse:SecurityTokenReference> element is used to specify all references to X.509 token types in signature or encryption elements that comply with this profile and can reference one of the listed X.509 token types. A "Derived Key" is a key management scheme in which for every transaction, a unique key is used which is derived from a fixed key. Note that WS-Security Policy Version 1.1 and 1.2 support different "Derived Key" options.

com.soa.console.policy.security.token.x509.description

The "Specify X.509 Token Options" screen provides options for configuring an X.509 Token Assertion Type. An X.509 certificate specifies a binding between a public key and a set of attributes that includes (at least) a subject name, issuer name, serial number and validity interval. An X.509 certificate may be used to validate a public key that may be used to authenticate a SOAP message or to identify the public key with SOAP message that has been encrypted.The "Version" represents the X.509 token types that can be configured.The "Issuer" represents the URI of the authority in a network (e.g., Certificate of Authority), that issues and manages security credentials and public keys for message encryption.A "Token Reference" is used to ensure a consistent processing model across all the token types supported by WSS: SOAP Message Security. The <wsse:SecurityTokenReference> element is used to specify all references to X.509 token types in signature or encryption elements that comply with this profile and can reference one of the listed X.509 token types.A "Derived Key" is a key management scheme in which for every transaction, a unique key is used which is derived from a fixed key. Note that WS-Security Policy Version 1.1 and 1.2 support different "Derived Key" options.

com.soa.console.policy.security.token.x509.embeddedtoken

Embedded Token

com.soa.console.policy.security.token.x509.embeddedtoken.info

This option uses the <wsse:Embedded> element specified within a <wsse:SecurityTokenReference> to create a reference to an embedded token.

com.soa.console.policy.security.token.x509.heading

Specify X.509 Token Options

com.soa.console.policy.security.token.x509.info

Select a Version, Issuer, Token Reference, and Derived Key to configure the supporting token. After completing your entries, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.token.x509.issuerserial

Issuer Serial

com.soa.console.policy.security.token.x509.issuerserial.info

This option uses the <ds:X509IssuerSerial> element to specify a reference to an X.509 security token by means of the certificate issuer name and serial number.

com.soa.console.policy.security.token.x509.keyidentifier

Key Identifier

com.soa.console.policy.security.token.x509.keyidentifier.info

This option uses the <wss:KeyIdentifer> element to specify a reference to an X.509 certificate by means of a reference to it's X.509 SubjectKeyIdentifer attribute. If a Key Identifier is specified without a ValueType it will be interpreted in an application-specific manner.

com.soa.console.policy.security.token.x509.options

X.509 Token Options

com.soa.console.policy.security.token.x509.refs

Token References

com.soa.console.policy.security.token.x509.thumbprint

Thumbprint

com.soa.console.policy.security.token.x509.thumbprint.info

This option is a Key Identifier "ValueType" is used to specify a reference to an X.509 certificate by means of a reference to its X.509 Thumbprint attribute.

com.soa.console.policy.security.transport.helpid

315

com.soa.console.policy.security.transport.modify.helpid

317

com.soa.console.policy.security.transport.title

WS-Security Transport Binding Policy

com.soa.console.policy.security.transport.wizard.title

Modify WS-Security Transport Binding Policy Wizard

com.soa.console.policy.security.transport.wizard.view.title

View WS-Security Transport Binding Policy Wizard

com.soa.console.policy.security.transport.wizard1.config.desc

"Specify Transport Binding Options" is used to configure options for the WS-Security Transport Binding Policy. A Transport Binding is used when the message protection is provided by the transport medium. Required options include selecting the "WS-SecurityPolicy" and "Security Header Layout." WS-SecurityPolicy versions 1.1 and 1.2 are currently supported.The Security Header Layout includes a set of optional properties that are common to security bindings. These properties define rules for controlling the ordering layout when items are added to the Security Header. For properties that are enabled, assertions will set the value of a property. When the value appears in a policy, the property is set to the value indicated by the assertion. The "Timestamp" property is supported for the "WS-Security Transport Binding."

com.soa.console.policy.security.transport.wizard1.description

The "Specify Transport Binding Options" screen is used to configure options for the WS-Security Transport Binding Policy. A Transport Binding is used when the message protection is provided by the transport medium. Required options include selecting the "WS-SecurityPolicy" and "Security Header Layout."WS-SecurityPolicy versions 1.1 and 1.2 are currently supported.The Security Header Layout includes a set of optional properties that are common to security bindings. These properties define rules for controlling the ordering layout when items are added to the Security Header. For properties that are enabled, assertions will set the value of a property. When the value appears in a policy, the property is set to the value indicated by the assertion. The "Timestamp" property is supported for the "WS-Security Transport Binding."For detailed information on each option, click "Help."

com.soa.console.policy.security.transport.wizard1.heading

Specify Transport Binding Options

com.soa.console.policy.security.transport.wizard1.intro

Select the WS-SecurityPolicy version, Security Header Layout and applicable options. After completing your entries, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.transport.wizard1.layout

Security Header Layout

com.soa.console.policy.security.transport.wizard1.options

Transport Binding Options

com.soa.console.policy.security.transport.wizard1.timestamp

Include Timestamp

com.soa.console.policy.security.transport.wizard1.version

WS-SecurityPolicy Version

com.soa.console.policy.security.transport.wizard2.authoption

Authentication Option

com.soa.console.policy.security.transport.wizard2.authoption.basic.info

This option indicates that the client must use HTTP Basic authentication to authenticate to the service.

com.soa.console.policy.security.transport.wizard2.authoption.cert.info

This option indicates that the client must provide a certificate when negotiating the HTTPS session.

com.soa.console.policy.security.transport.wizard2.authoption.digest.info

This option indicates that the client must use HTTP Digest Authentication to authenticate to the service.

com.soa.console.policy.security.transport.wizard2.authoption.notspecified.info

This option indicates a method of authentication is not specified in the policy.

com.soa.console.policy.security.transport.wizard2.certificate.subject

Certificate Subject Category

com.soa.console.policy.security.transport.wizard2.config.desc

"Specify HTTPS Token Options" provides options for defining the transport binding token properties. Token Inclusion, Subject Category, and Authentication Option are supported.The "Token Inclusion" option allows you to specify an IncludeToken attribute in the message. Supported options include Always and Never. If "Always" is specified the token is included in all messages. If "Never" is specified, an external reference mechanism is used to refer to the key represented by the token. If "Not Specified" is selected, this option is not specified in the policy. The "Subject Category" option allows you to assign a category name to the token definition. Predefined categories include Consumer, Service, and End-User. The "User-Defined" option allows you to specify a custom category name. The "Authentication Option" allows you to configure the method of authentication to be used by the transport policy. Option availability is based on the selected WS-SecurityPolicy version (1.1 or 1.2). For WS-Security Policy 1.1, options include Require Client Certificate, and Not Specified. For WS-Security Policy 1.2, options include HTTP Basic Authentication, HTTP Digest Authentication, Require Client Certificate, and Not Specified.

com.soa.console.policy.security.transport.wizard2.description

The "Specify HTTPS Token Options" screen provides options for defining the transport binding token properties. Token Inclusion, Subject Category, and Authentication Option are supported.The "Token Inclusion" option allows you to specify an IncludeToken attribute in the message. Supported options include Always and Never. If "Always" is specified the token is included in all messages. If "Never" is specified, an external reference mechanism is used to refer to the key represented by the token. If "Not Specified" is selected, this option is not specified in the policy.The "Subject Category" option allows you to assign a category name to the token definition. Predefined categories include Consumer, Service, and End-User. The "User-Defined" option allows you to specify a custom category name.The "Authentication Option" allows you to configure the method of authentication to be used by the transport policy. Option availability is based on the selected WS-SecurityPolicy version (1.1 or 1.2). For WS-Security Policy 1.1, options include Require Client Certificate, and Not Specified. For WS-Security Policy 1.2, options include HTTP Basic Authentication, HTTP Digest Authentication, Require Client Certificate, and Not Specified.

com.soa.console.policy.security.transport.wizard2.heading

Specify HTTPS Token Options

com.soa.console.policy.security.transport.wizard2.http.auth.subject

HTTP Authentication Subject Category

com.soa.console.policy.security.transport.wizard2.inclusion

Token Inclusion

com.soa.console.policy.security.transport.wizard2.intro

Select the Token Inclusion, Subject Category, and Authentication Option. After completing your entries, click "Next" to continue, or "Finish" to complete this configuration session.

com.soa.console.policy.security.transport.wizard2.issuer

Issuer

com.soa.console.policy.security.transport.wizard2.token

HTTPS Token

com.soa.console.policy.security.transport.wizard3.description

You have successfully completed the "Modify WS-Security Transport Binding Policy Wizard." Review the summary information for policy configuration details.To exit this wizard, click "Close."

com.soa.console.policy.security.transport.wizard3.heading

Completion Summary

com.soa.console.policy.security.transport.wizard3.summary

Summary

com.soa.console.policy.security.view.label

View

com.soa.console.policy.wssp.common.genaudit.config.desc

"Specify Security Audit Options" allows you to configure whether you want audit data captured for all message exchanges or only when errors occur on a message exchange.

com.soa.console.policy.wssp.common.genaudit.description

The "Specify Security Audit Options" screen allows you to configure whether you want audit data captured for all message exchanges or only when errors occur on a message exchange. Select one of the following options:Generate Audit Data - Captures success and failure audit data for all message exchanges.Audit on Error Only - Captures audit data only when an error occurs on a message exchange.Select an option and click "Finish."

com.soa.console.policy.wssp.common.genaudit.heading

Specify Security Audit Options

com.soa.console.policy.wssp.common.genaudit.options

Security Audit Options

com.soa.console.policy.wssp.message.summary

Completion Summary

com.soa.console.policy.wssp.message.summary.description

You have successfully completed the Modify WS-Security Message Policy Wizard. Review the summary information for policy configuration details.To exit this wizard, click Close.

com.soa.console.policy.wssp.message.wizard.title

Modify WS-Security Message Policy Wizard

com.soa.console.policy.wssp.message.wizard.title.view

View WS-Security Message Policy Wizard

com.soa.console.policy.wssp.onerroronly.checkbox.title

On Error Only

com.soa.console.policy.wssp.securityaudit.checkbox.title

Generate Audit Data

policy.security.asym.name

WS-Security Asymmetric Binding Policy

policy.security.message.name

WS-Security Message Policy