A Custom Assertions Schema Reference

You can use the XML schema in this appendix as a reference when creating a WS-Policy file that contains custom web service assertions.

This appendix includes the following topics:

A.1 Element Hierarchy of Custom Assertions in a WS-Policy File

This topic shows the element hierarchy of the custom assertions in a WS-Policy file.

The following figure illustrates it:

Figure A-1 Element Hierarchy of Custom Assertion

Description of "Figure A-1 Element Hierarchy of Custom Assertion"

A.2 Custom Assertion Elements

This topic lists the custom assertion elements.

A custom assertion contains the following elements:

A.2.1 wsp:Policy

This topic describes the <wsp:Policy> element and its attributes.

The <wsp:Policy> element groups nested policy assertions.

Attributes

The following table summarizes the Oracle extensions to the WS-Policy attributes.

Table A-1 Oracle Extensions to WS-Policy Attributes

Attribute	Description
attachTo	Policy subjects to which the policy can be attached. Valid values include:binding.client, binding.server, binding.any.
category	Category of the policy. Valid values include: security and management.
description	Description of the policy.
status	Status of the policy reference. Valid values include: enabled and disabled.

Example

The following example illustrates the <wsp:Policy> element:

<wsp:Policy xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:orasp="http://schemas.oracle.com/ws/2006/01/securitypolicy" 
  orawsp:status="enabled"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-util
ity-1.0.xsd" 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
  orawsp:category="security" 
  orawsp:attachTo="binding.server" 
  wsu:Id="ip_assertion_policy" 
  xmlns:orawsp="http://schemas.oracle.com/ws/2006/01/policy" 
  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" 
  wsp:Name="oracle/ip_assertion_policy">

A.2.2 orasp:Assertion

This topic describes the attributes of the <orasp:Assertion> element.

The <orasp:Assertion> element is the main element of the custom assertion.

Attributes

The following table summarizes the attributes of the <orasp:Assertion> element.

Table A-2 Attributes of <orasp:Assertion> Element

Attribute	Description
Optional	Flag that specifies whether the assertion is optional or required.
Silent	Flag that specifies whether the assertion is advertised. If set to true, the assertion is not advertised.
Enforced	Flag that specifies whether the assertion is currently enabled.
name	Name of the assertion.
description	Description of the assertion.
category	Category to which the assertion applies. Valid values include: security/authentication, security/msg-protection, security/authorization, security/logging and management.
provides	Web service endpoint type to which this policy can be attached. Note: This attribute is required for RESTful endpoints. For example, to specify RESTful web services: orawsp:provides="{http://schemas.oracle.com/ws/2006/01/policy}REST_HTTP"

Example

The following example illustrates the <orasp:Assertion> element:

<orasp:ipAssertion orawsp:Silent="true" orawsp:Enforced="true"
orawsp:name="WSSecurity IpAssertion Validator"
orawsp:category="security/authentication"
orawsp:provides="{http://schemas.oracle.com/ws/2006/01/policy}REST_HTTP">
...
</orasp:ipAssertion>

A.2.3 orawsp:bindings

This topic describes the <oraswsp:bindings> element.

The <oraswsp:bindings> element defines the bindings in the custom assertion.

Example

The following example illustrates the <oraswsp:bindings> element:

<orawsp:bindings>
...
</orawsp:bindings>

A.2.4 orawsp:Implementation

This topic describes the <oraswsp:Implementation> element.

The <oraswsp:Implementation> element defines the custom assertion implementation class.

Example

The following example illustrates the <oraswsp:Implementation> element:

<orawsp:Implementation>sampleassertion.IpAssertionExecutor</orawsp
:Implementation>

A.2.5 orawsp:Config

This topic describes the <oraswsp:Config> element and its attributes.

The <oraswsp:Config> element defines the configuration for the custom assertion.

Attributes

The following table summarizes the attributes of the <orawsp:Config> element.

Table A-3 Attributes of <orawsp:Config> Element

Attribute	Description
name	Name of the configuration.
type	Category to which the configuration applies.
configType	Configuration type. Valid values include: declarative and programmatic. declarative—Use deployment descriptors and configuration files to describe authentication and authorization requirements. programmatic—Embed security enforcement within the application.

Attribute

Description

name

Name of the configuration.

type

Category to which the configuration applies.

configType

Configuration type. Valid values include: declarative and programmatic.

declarative—Use deployment descriptors and configuration files to describe authentication and authorization requirements.
programmatic—Embed security enforcement within the application.

Example

The following example illustrates the <oraswsp:Config> element:

<orawsp:Config orawsp:name="ipassertion" orawsp:configType="declarative">

A.2.6 orawsp:PropertySet

This topic describes the <oraswsp:PropertySet> element and its attributes.

The <oraswsp:PropertySet> element groups nested properties.

Attributes

The following table summarizes the attributes of the <orawsp:PropertySet> element.

Table A-4 Attributes of <orawsp:PropertySet> Element

Attribute	Description
name	Name of the property set.

Example

The following example illustrates the <oraswsp:PropertySet> element:

<orawsp:PropertySet orawsp:name="valid_ips">

A.2.7 orawsp:Property

This topic describes the <oraswsp:Property> element and its attributes.

The <oraswsp:Property> element defines a single property.

Attributes

The following table summarizes the attributes of the <orawsp:Property> element.

Table A-5 Attributes of <orawsp:Property> Element

Attribute	Description
name	Name of the property.
type	Type of the property. For example, string.
contentType	Specifies whether the property is required and can be overridden. Valid values include: constant—Property is a constant value and cannot be overridden. required—Property is required and can be overridden. optional—Property is optional and can be overridden. For information about overriding policies, see "Overriding Policy Configuration Overrides" in Administering Web Services.

Attribute

Description

name

Name of the property.

type

Type of the property. For example, string.

contentType

Specifies whether the property is required and can be overridden. Valid values include:

constant—Property is a constant value and cannot be overridden.
required—Property is required and can be overridden.
optional—Property is optional and can be overridden.

For information about overriding policies, see "Overriding Policy Configuration Overrides" in Administering Web Services.

Example

The following example illustrates the <orawsp:Property> element:

<orawsp:Property orawsp:name="valid_ips" orawsp:type="string"
 orawsp:contentType="constant">

A.2.8 orawsp:Description

This topic describes the <oraswsp:Description> element.

The <oraswsp:Description> element provides a description of the property.

Example

The following example illustrates the <oraswsp:Description> element:

<orawsp:Description>Valid IP Values</orawsp:Description>

A.2.9 orawsp:Value

This topic describes the <oraswsp:Value> element.

The <oraswsp:Value> element provides a list of valid values for the property.

Example

The following example illustrates the <oraswsp:Value> element:

<orawsp:Value>140.87.6.143,10.178.93.107</orawsp:Value>