Contents
In any secure communications protocol, it is crucial that secured messages do not have an indefinite life span. In secure Web Services transactions, a WS-Utility (WSU) Timestamp can be inserted into a WS-Security Header to define the lifetime of the message in which it is placed. A message containing an expired timestamp should be rejected immediately by any Web Service that consumes the message.
Typically, the timestamp contains Created
and Expires
times,
which combine to define the lifetime of the timestamp. The following shows an example
Timestamp
:
<wsu:Timestamp xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"> <wsu:Created>2009-03-16T16:32:22Z</wsu:Created> <wsu:Expires>2009-03-16T16:42:22Z</wsu:Expires> </wsu:Timestamp>
Because the WS-Utility Timestamp is inserted into the WS-Security header block, it is also referred to as a WSS Timestamp. For example, see the Extract WSS Timestamp filter.
Complete the following fields to configure the API Gateway to insert a timestamp into the message:
Name:
Enter an intuitive name for the filter.
Actor:
The timestamp is inserted into the WS-Security header identified by the SOAP Actor selected here.
Expires In:
Configure the lifetime of the timestamp (and hence the message into which the timestamp is inserted) by specifying the expiration time of the assertion. The expiration time is expressed in days, hours, minutes, and/or seconds.
Layout Type:
In cases where the timestamp must adhere to a particular layout as mandated by
the WS-Policy <Layout>
assertion, you must select the appropriate
layout type. A Web Service that enforces a WS-Policy may reject the message if the
layout of security elements in the SOAP header is incorrect. Therefore, you must
ensure that you select the correct layout type.