7.1 Overview

SALT implements part of WS-Security protocol version 1.0 for inbound services. Authentication with UsernameToken and X509v3Token are supported. WS-SecurityPolicy 1.0 assertions are used in WSDL definition to describe how the authentication is carried out. The WS-SecuirtyPolicy1.0 specification (2002) is supported in order to ensure the interoperability with Oracle WebLogic 9.x.

Below are all SALT supported WS-SecurityPolicy 1.0 assertions:

• SecurityToken Assertions:
  • UsernameToken Assertion and X509Token Assertion
• Integrity Assertion
• Identity Assertion

There are some extension assertions used in WebLogic 9.x, SALT only implements a subset of them. Integrity Assertion is only used when using X509v3 token for authentication. And the only message part can be specified for signature is the whole SOAP Body.