Using the WS-Security Message Policy

Learn about the WS-Security Message Policy and policy configuration options.


Table of Contents

  1. About the WS-Security Message policy
  2. Creating a WS-Security Message policy
  3. Configuring a WS-Security Message policy
  4. Tab 2: Modify WS-Security Message Policy Signature Options
  5. Tab 3: Modify WS-Security Message Policy Encryption Options
  6. Tab 4: Modify WS-Security Message Policy Required Content Options
  7. View WS-Security Message Policy Details

About the WS-Security Message policy

The WS-Security Message Policy is used to configure message-level Confidentiality Assertions (EncryptParts and EncryptElements).

For more information about the functional aspects of this policy, refer to the Protection Assertions > Confidentiality Assertions section of the WS-Security Policy 1.1 Specification or the WS-Security Policy 1.2 Specification.


Creating a WS-Security Message policy

The first step in creating a policy is to define the basic policy information. Then, you can configure the policy details.

To add an operational policy
  1. Go to Workbench > Browse > Organization, and select Policies > Operational Policies. The Policies Summary is displayed.
  2. Click Add Policy.
  3. Choose the policy type and click Next.
  4. Specify a name (required) and description (optional) and click Finish. The Add Policy Wizard creates a draft policy instance that you can then configure on the Policy Details page.

For more information, see Add Policy.


Configuring a WS-Security Message policy

To configure a WS-Security Message policy
  1. Go to Workbench > Browse > Organization and select the Policies > Operational Policies folder. The Policies Summary is displayed.
  2. Find the policy on the list and double-click to go to the Details page for the policy.
  3. In the second panel, click Modify to access the Modify WS-Security Message Policy wizard.
  4. In the first page, Modify WS-Security Message Policy Options, choose the version of the WS-Security Message specification that the policy will use (1.1 or 1.2) and then click Next.
  5. In the second page, Modify WS-Security Message Policy Signature Options, specify signature settings and then click Next. For details about the options available, see Tab 2: Modify WS-Security Message Policy Signature Options below.
  6. In the third page, Modify WS-Security Message Policy Encryption Options, specify encryption settings and then click Next. For details about the options available, see Tab 3: Modify WS-Security Message Policy Encryption Options below.
  7. In the fourth page, Modify WS-Security Message Policy Required Content Options, specify required elements and namespace prefixes. For details about the options available, see Tab 4: Modify WS-Security Message Policy Required Content Options below.
  8. Click Finish.


Tab 2: Modify WS-Security Message Policy Signature Options

The Modify WS-Security Message Policy wizard, Modify WS-Security Message Policy Signature Options page, includes the options listed below.

Sign Parts
Indicates that there are specific parts that should be signed. Checked by default.
Include Body
Indicates whether the body of the message should be signed. Default: checked. You can also add or delete line items (Namespace and Local Part).
Sign Elements
A table that lists elements in the message that should be signed. Each value on the list is an XPath expression identifying message elements. Check the box if elements should be signed. You can add or delete one or more XPath expressions.
Namespace Prefixes
A list of the namespace prefixes used in the XPath expressions that identify the elements to be signed. You can add or delete multiple namespace prefixes. Each line item includes two values, Prefix and Namespace.


Tab 3: Modify WS-Security Message Policy Encryption Options

The Modify WS-Security Message Policy wizard, Modify WS-Security Message Policy Encryption Options page, includes the options listed below.

Encrypt Parts
Indicates that there are specific parts that should be encrypted. Checked by default.
Include Body
Indicates whether the body of the message should be encrypted. Default: checked. You can also add or delete line items (Namespace and Local Part).
Encrypt Elements
A table that lists elements in the message that should be encrypted. Each value on the list is an XPath expression identifying message elements. Check the box if elements should be encrypted. You can add or delete one or more XPath expressions.
Namespace Prefixes
A list of the namespace prefixes used in the XPath expressions that identify the elements to be encrypted. You can add or delete multiple namespace prefixes. Each line item includes two values, Prefix and Namespace.


Tab 4: Modify WS-Security Message Policy Required Content Options

The Modify WS-Security Message Policy wizard, Modify WS-Security Message Policy Required Content Options page, includes the options listed below.

Required Elements
A table that lists elements in the message that are required. Each value on the list is an XPath expression identifying required content. You can add or delete one or more XPath expressions.
Namespace Prefixes
A list of the namespace prefixes used in the XPath expressions that identify the required content. You can add or delete multiple namespace prefixes. Each line item includes two values, Prefix and Namespace.
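
The following is an added example, not part of the product or its documentation. It shows how Sign Elements and Required Elements XPath expressions resolve through a Prefix/Namespace table, and it flags elements that are missing or not covered by a signature reference. The namespace urn:example:payments, the element names, the sample message and the function check_message are constructed for illustration; the XPaths use the subset supported by Python's ElementTree, and the check looks only at reference coverage without verifying the signature itself.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")

# Constructed policy settings mirroring the wizard tables (sample values).
PREFIXES = {"pay": "urn:example:payments"}            # Prefix -> Namespace
SIGN_ELEMENTS = [".//pay:Amount", ".//pay:Account"]   # Sign Elements
REQUIRED_ELEMENTS = [".//pay:Amount", ".//pay:Reference"]

# Constructed message. It binds prefix "p" (not "pay") to the same
# namespace, and its signature references only the Amount element.
MESSAGE = f"""<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ds="{DS}" xmlns:wsu="{WSU}" xmlns:p="urn:example:payments">
  <s:Header><ds:Signature><ds:SignedInfo>
    <ds:Reference URI="#amt-1"/>
  </ds:SignedInfo></ds:Signature></s:Header>
  <s:Body><p:Transfer>
    <p:Amount wsu:Id="amt-1">100.00</p:Amount>
    <p:Account wsu:Id="acct-1">12345</p:Account>
  </p:Transfer></s:Body>
</s:Envelope>"""

def check_message(xml_text, prefixes, sign_xpaths, required_xpaths):
    """Return a list of findings; an empty list means the checks passed."""
    root = ET.fromstring(xml_text)
    # Ids named by same-document ds:Reference entries (URI="#id").
    signed_ids = {ref.get("URI", "")[1:]
                  for ref in root.iter(f"{{{DS}}}Reference")
                  if ref.get("URI", "").startswith("#")}
    findings = []
    for xp in required_xpaths:
        # Matching is by namespace URI, so the message prefix may differ.
        if not root.findall(xp, prefixes):
            findings.append(f"required element missing: {xp}")
    for xp in sign_xpaths:
        for el in root.findall(xp, prefixes):
            if el.get(f"{{{WSU}}}Id") not in signed_ids:
                findings.append(
                    f"element not covered by a signature reference: {xp}")
    return findings

if __name__ == "__main__":
    for finding in check_message(MESSAGE, PREFIXES,
                                 SIGN_ELEMENTS, REQUIRED_ELEMENTS):
        print(finding)
```

The policy prefix "pay" matches the message's "p" elements because both bind to the same namespace URI; a wrong Namespace value in the table makes the XPath match nothing.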


View WS-Security Message Policy Details

To view the WS-Security Message policy details
  1. Go to Workbench > Browse > Organization, and select Policies > Operational Policies. The Policies Summary is displayed.
  2. Find the policy on the list and double-click to go to the Details page for the policy.
