The following table shows message protection policy configurations and the resulting message security operations performed by the WS-Security SOAP message security providers for that configuration.
Table 10–1 Message protection policy to WS-Security SOAP message security operation mapping
Message Protection Policy |
Resulting WS-Security SOAP message protection operations |
---|---|
auth-source="sender" |
The message contains a wsse:Security header that contains a wsse:UsernameToken (with password). |
auth-source="content" |
The content of the SOAP message Body is signed. The message contains a wsse:Security header that contains the message Body signature represented as a ds:Signature. |
auth-source="sender" auth-recipient="before-content" OR auth-recipient="after-content" |
The content of the SOAP message Body is encrypted and replaced with the resulting xend:EncryptedData. The message contains a wsse:Security header that contains a wsse:UsernameToken (with password) and an xenc:EncryptedKey. The xenc:EncryptedKey contains the key used to encrypt the SOAP message body. The key is encrypted in the public key of the recipient. |
auth-source="content" auth-recipient="before-content" |
The content of the SOAP message Body is encrypted and replaced with the resulting xend:EncryptedData. The xenc:EncryptedData is signed. The message contains a wsse:Security header that contains an xenc:EncryptedKey and a ds:Signature. The xenc:EncryptedKey contains the key used to encrypt the SOAP message body. The key is encrypted in the public key of the recipient. |
auth-source="content" auth-recipient="after-content" |
The content of the SOAP message Body is signed, then encrypted, and then replaced with the resulting xend:EncryptedData. The message contains a wsse:Security header that contains an xenc:EncryptedKey and a ds:Signature. The xenc:EncryptedKey contains the key used to encrypt the SOAP message body. The key is encrypted in the public key of the recipient. |
auth-recipient="before-content" OR auth-recipient="after-content" |
The content of the SOAP message Body is encrypted and replaced with the resulting xend:EncryptedData. The message contains a wsse:Security header that contains an xenc:EncryptedKey. The xenc:EncryptedKey contains the key used to encrypt the SOAP message body. The key is encrypted in the public key of the recipient. |
No policy specified. |
No security operations are performed by the modules. |