ActiveVOS Server User’s Guide

Encryption

An encryption policy describes the parts of a SOAP message to encrypt, in compliance with the processing rules of the XML Encryption specification [XMLENC].

To refer to this policy rather than explicitly adding it, see User-Defined Policy Assertion.

Each specified original element or element content in the message is removed and replaced by the resulting encrypted element.

EncryptionParts attributes:

alias

Optional keystore alias used to retrieve the key for encryption. The default is the alias specified in the crypto properties file.

Content or Element element

Either <Content> or <Element> is required.

Content/Element attributes:

name

Message part or element to be encrypted.

namespace

Target namespace of the message part or element.

Example

<abp:EncryptionParts alias="keystore_alias">
   <abp:Element
      namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
      name="UsernameToken"/>
</abp:EncryptionParts>

As a message consumer, ActiveVOS service endpoints accept and consume messages that conform to options deemed allowable under WS-I guidelines. As a message producer, ActiveVOS supports only the recommended algorithms, references and identifiers.

The following algorithms are used within the data encryption of SOAP messages. Additional algorithms will likely be added and supported in future releases, based on WS-I recommendations and customer demand.

Supported Token Types

X.509 Token

Direct Binary Reference (send and receive) - Preferred method, used where possible.

Issuer Serial (send and receive) - Preferred external reference method when a direct reference is not possible.

X509 Identifier (receive only)

Subject Key Identifier (receive only)

Embedded Token References (receive only)

Symmetric Data Encryption Algorithms:

http://www.w3.org/2001/04/xmlenc#tripledes-cbc (send and receive)

http://www.w3.org/2001/04/xmlenc#aes128-cbc (receive only)

http://www.w3.org/2001/04/xmlenc#aes256-cbc (receive only)

Asymmetric Key Transport Algorithms:

http://www.w3.org/2001/04/xmlenc#rsa-1_5 (send and receive)

http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p (receive only)

Signature Digest Algorithm:

http://www.w3.org/2000/09/xmldsig#sha1 (send and receive)

Signature Algorithm:

http://www.w3.org/2000/09/xmldsig#rsa-sha1 (send and receive)

Canonical XML Transform Algorithm:

http://www.w3.org/2001/10/xml-exc-c14n# (send and receive)
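The following Python checker is an added example and is not ActiveVOS code. It encodes the send/receive support of the symmetric data encryption and asymmetric key transport algorithms listed above and the rule that every part named in an EncryptionParts policy is replaced by an xenc:EncryptedData element, then runs those checks over a WS-Security envelope. The envelopes it builds are constructed test input with placeholder CipherValue content (no real key material), the urn:constructed namespaces are invented for the example, and the checker is a validation aid, not the way the ActiveVOS runtime performs the check.

```python
"""Offline checker for the XML Encryption algorithms and encrypted parts of a
WS-Security SOAP message, written against the algorithm lists in this section.
Added example, not ActiveVOS code: the envelopes below are constructed with
placeholder cipher text so the checks can run without a keystore."""
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

SEND_RECEIVE = "send and receive"
RECEIVE_ONLY = "receive only"

# Symmetric data encryption algorithms and the direction ActiveVOS supports them in.
DATA_ENCRYPTION = {
    XENC + "tripledes-cbc": SEND_RECEIVE,
    XENC + "aes128-cbc": RECEIVE_ONLY,
    XENC + "aes256-cbc": RECEIVE_ONLY,
}
# Asymmetric key transport algorithms, likewise.
KEY_TRANSPORT = {
    XENC + "rsa-1_5": SEND_RECEIVE,
    XENC + "rsa-oaep-mgf1p": RECEIVE_ONLY,
}


def _algorithms(root, local_name):
    """Algorithm URIs of the EncryptionMethod children of every
    xenc:<local_name> (EncryptedKey or EncryptedData) in the document."""
    return [
        method.get("Algorithm")
        for element in root.iter(f"{{{XENC}}}{local_name}")
        for method in element.findall(f"{{{XENC}}}EncryptionMethod")
    ]


def check_message(xml_text, direction, encrypted_parts):
    """Return a list of problems (empty when the message is acceptable).

    direction: "send" (ActiveVOS produced the message) or "receive".
    encrypted_parts: (namespace, name) pairs taken from the EncryptionParts
    policy; each must have been replaced by xenc:EncryptedData, so none may
    remain in the message as plaintext.
    """
    root = ET.fromstring(xml_text)
    problems = []
    checks = (("key transport", "EncryptedKey", KEY_TRANSPORT),
              ("data encryption", "EncryptedData", DATA_ENCRYPTION))
    for label, local_name, table in checks:
        algorithms = _algorithms(root, local_name)
        if not algorithms:
            problems.append(f"no xenc:{local_name} with an EncryptionMethod found")
        for alg in algorithms:
            support = table.get(alg)
            if support is None:
                problems.append(f"unsupported {label} algorithm {alg}")
            elif direction == "send" and support != SEND_RECEIVE:
                problems.append(f"{label} algorithm {alg} is receive only and "
                                "cannot be produced by ActiveVOS")
    for namespace, name in encrypted_parts:
        if root.find(f".//{{{namespace}}}{name}") is not None:
            problems.append(f"{{{namespace}}}{name} is still present in plaintext")
    return problems


def build_envelope(key_alg, data_alg, extra_header=""):
    """Constructed WS-Security envelope (placeholder CipherValue, not real
    ActiveVOS output): an EncryptedKey pointing at the EncryptedData that
    replaced the UsernameToken, plus optional extra Security header content."""
    return f"""<soapenv:Envelope xmlns:soapenv="{SOAP}">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="{WSSE}" xmlns:xenc="{XENC}">
      <xenc:EncryptedKey>
        <xenc:EncryptionMethod Algorithm="{key_alg}"/>
        <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
        <xenc:ReferenceList><xenc:DataReference URI="#ED-1"/></xenc:ReferenceList>
      </xenc:EncryptedKey>
      <xenc:EncryptedData Id="ED-1" Type="{XENC}Element">
        <xenc:EncryptionMethod Algorithm="{data_alg}"/>
        <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
      </xenc:EncryptedData>{extra_header}
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body><ping xmlns="urn:constructed:example"/></soapenv:Body>
</soapenv:Envelope>"""


# The part named in the EncryptionParts example earlier in this section.
POLICY_PARTS = [(WSSE, "UsernameToken")]

if __name__ == "__main__":
    ok = build_envelope(XENC + "rsa-1_5", XENC + "tripledes-cbc")
    print("outbound, preferred algorithms:", check_message(ok, "send", POLICY_PARTS))
    inbound = build_envelope(XENC + "rsa-oaep-mgf1p", XENC + "aes256-cbc")
    print("inbound, receive-only algorithms:", check_message(inbound, "receive", POLICY_PARTS))
    print("same message if ActiveVOS had to send it:", check_message(inbound, "send", POLICY_PARTS))
    leaked = build_envelope(XENC + "rsa-1_5", XENC + "tripledes-cbc",
                            "<wsse:UsernameToken><wsse:Username>alice</wsse:Username></wsse:UsernameToken>")
    print("policy part left in plaintext:", check_message(leaked, "send", POLICY_PARTS))
```

Running the block shows the three cases the lists above distinguish: a message using rsa-1_5 and tripledes-cbc passes in both directions, a message using rsa-oaep-mgf1p and aes256-cbc is accepted inbound but flagged as not producible outbound, and a UsernameToken that survives in plaintext is reported as a policy violation regardless of algorithm.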