6.1 Overview

SALT implements part of WS-Security protocol version 1.1 for inbound services. Authentication with UsernameToken and X509v3Token are supported. To describe how the authentication is carried out, WS-SecurityPolicy is used in WSDL definition.

In order to communicate with Oracle WebLogic Release 10 via WS-Security 1.1, SALT implements the counterparts of WS-SecurityPolicy (WSSP) 1.2 supported by WebLogic 10. But the supported WSSP 1.2 assertions are limited as follows:

• Protection Assertions
  • Integrity Assertion
  • <sp:SignedParts> Assertion (Limited support)
• Token Assertions:
  • <sp:UsernameToken> Assertion (Limited support)
  • <sp:X509Token> Assertion (Limited support)
• Security Binding Assertions:
  • AsysmmetricBinding Assertion (Limited support)
  • <sp:TransportBinding > Assertion (Limited support)
• Supporting Tokens Assertions:
  • SupportingTokens Assertion (Limited support)

For more details about limitations of WS-SecurityPolicy 1.2 assertions, please refer to Oracle SALT WSSP1.2 Assertion Description.

For more information about WSSP 1.2 assertions supported by WebLogic 10, please refer to in the Oracle WebLogic Web Services Documentation Oracle Web Services Security Policy Assertion Reference

In this document, XML namespace prefix “sp” stands for namespace URI “http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512”.