ActiveVOS Server User’s Guide

Signature

A signature policy describes the parts of a SOAP message to sign with an XML Signature, using an X.509 Certificate token to allow for verification and trust of the signed information.

Inbound signature applies to messages received by My Role services and to replies received from invoked Partner Role services. It indicates that the My Role service accepts signed message content and will verify the signature. Outbound signature applies to replies sent by My Role services and to messages sent to invoked Partner Role services.

To refer to this policy rather than explicitly adding it, see User-Defined Policy Assertion.

SignatureParts alias:

   Optional keystore alias used to retrieve the signing key. The default is the alias specified in the crypto properties file.

Content or Element element:

   A <Content> or <Element> child element is required.

Content/Element attributes:

   name        message part or element to be signed

   namespace   target namespace of the message part or element

Example

<abp:SignatureParts alias="keystore_alias">
   <abp:Element
      namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
      name="UsernameToken"/>
</abp:SignatureParts>

As a message consumer, ActiveVOS service endpoints accept and consume messages that conform to options deemed allowable under WS-I guidelines. As a message producer, ActiveVOS supports only the recommended algorithms, references and identifiers.

The following algorithms are used for signing SOAP message parts. Additional algorithms will likely be added and supported in future releases, based on WS-I recommendations and customer demand.

Supported Token Types

X.509 Token:

   Direct Binary Reference (send and receive) - Preferred method, used where possible.

   Issuer Serial (send and receive) - Preferred external reference method, if direct is not possible.

   X509 Identifier (receive only)

   Subject Key Identifier (receive only)

   Embedded Token References (receive only)

Signature Digest Algorithm:

   http://www.w3.org/2000/09/xmldsig#sha1 (send and receive)

Signature Algorithm:

   http://www.w3.org/2000/09/xmldsig#rsa-sha1 (send and receive)

Canonical XML Transform Algorithm:

   http://www.w3.org/2001/10/xml-exc-c14n# (send and receive)
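Before the cryptographic check, a receiver should confirm that an inbound signature actually covers the parts named in the SignatureParts policy (the UsernameToken in the example above) and uses only the algorithm identifiers listed here. The Python below is an added example, not ActiveVOS code: the namespace constants, the check_signature_policy function and the sample envelope are constructed for illustration, and the function checks coverage and algorithm identifiers only, not the digests or the RSA SignatureValue.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

# Algorithm identifiers the guide lists as supported (send and receive).
ALLOWED = {
    "CanonicalizationMethod": {"http://www.w3.org/2001/10/xml-exc-c14n#"},
    "SignatureMethod": {"http://www.w3.org/2000/09/xmldsig#rsa-sha1"},
    "DigestMethod": {"http://www.w3.org/2000/09/xmldsig#sha1"},
}

def check_signature_policy(envelope_xml, required_parts):
    # required_parts: (namespace, name) pairs, one per <abp:Element> in the policy.
    # Returns a list of violations; an empty list means the message conforms.
    # Coverage and algorithm identifiers only; digests/SignatureValue are not verified.
    root = ET.fromstring(envelope_xml)
    info = root.find(f".//{{{DS}}}Signature/{{{DS}}}SignedInfo")
    if info is None:
        return ["no ds:Signature/ds:SignedInfo in the message"]
    problems, signed_ids = [], set()
    for el in info.iter():
        local = el.tag.rpartition("}")[2]
        if local in ALLOWED and el.get("Algorithm") not in ALLOWED[local]:
            problems.append(f"unsupported {local}: {el.get('Algorithm')}")
        if local == "Reference" and el.get("URI", "").startswith("#"):
            signed_ids.add(el.get("URI")[1:])  # same-document reference by wsu:Id
    for ns, name in required_parts:
        ids = {el.get(f"{{{WSU}}}Id") for el in root.iter(f"{{{ns}}}{name}")}
        if not ids & signed_ids:
            problems.append(f"required part {name} is not covered by a ds:Reference")
    return problems

# Constructed sample: the UsernameToken is signed, the Body is not (dummy digest/signature values).
SAMPLE = f"""<S:Envelope xmlns:S="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
 <S:Header><wsse:Security>
  <wsse:UsernameToken wsu:Id="UT-1"><wsse:Username>alice</wsse:Username></wsse:UsernameToken>
  <ds:Signature><ds:SignedInfo>
   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <ds:Reference URI="#UT-1"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>AAAA</ds:DigestValue></ds:Reference>
  </ds:SignedInfo><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>
 </wsse:Security></S:Header>
 <S:Body wsu:Id="Body-1"><ping/></S:Body>
</S:Envelope>"""
```

Calling check_signature_policy(SAMPLE, [(WSSE, "UsernameToken")]) returns an empty list, while requiring (SOAP, "Body") reports the unsigned Body.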