
%SOAP.Security.Policy

Implementation class for WS-SecurityPolicy in a web service configuration. WS-SecurityPolicy 1.1 and 1.2 are both supported. %SOAP.Security.Policy depends on the use of sp as the internal prefix for WS-SecurityPolicy. See the %SOAP.Policy methods GetNamespaceList, GetAssertionNamespace and GetAssertionPrefix. This class is used internally by Caché. You should not make direct use of it within your applications. There is no guarantee made about either the behavior or future operation of this class. A policy alternative is stored as a multidimensional array with the following nodes:
   alternative("sp:SignedParts","Body")=1
   alternative("sp:SignedParts","Header",namespace)=1 if all headers in namespace
   alternative("sp:SignedParts","Header",namespace,name)=1 for individual header
   alternative("sp:EncryptedParts","Body")=1
   alternative("sp:RequiredParts","Header",namespace,name)=1

   alternative("sp:Binding")="Transport","Symmetric" or "Asymmetric"
   alternative("sp:IncludeTimestamp")="" or cfg:Id
   alternative("sp:ProtectTokens")=1
   alternative("sp:EncryptSignature")=1
   alternative("sp:EncryptBeforeSigning")=1
   alternative("sp:OnlySignEntireHeadersAndBody")=1
   alternative("sp:AlgorithmSuite")=(Basic256 | Basic192 | Basic128) [ Sha256 ] [ Rsa15 ]
   alternative("sp:Layout")="Lax" or "Strict" or "LaxTsFirst" or "LaxTsLast"

   alternative("sp:RequireClientEntropy")=1
   alternative("sp:RequireServerEntropy")=1
   alternative("sp:MustSupportIssuedTokens")=1

   alternative("SignatureIndex")=index of signature in SecurityIn element list if alternative("sp:Binding")="Asymmetric"
   alternative("EncryptionIndex")=index of EncryptedKey or ReferenceList in SecurityIn element list if alternative("sp:Binding")="Asymmetric" or "Symmetric"

   alternative("sp:HttpBasicAuthentication")=1 if alternative("sp:Binding")="Transport"
   alternative("HttpUsername")=user name if alternative("sp:Binding")="Transport" and sp:HttpBasicAuthentication
   alternative("HttpPassword")=password if alternative("sp:Binding")="Transport" and sp:HttpBasicAuthentication
   alternative("sp:RequireClientCertificate")=1 if alternative("sp:Binding")="Transport"
   alternative("SSLConfiguration")=SSL configuration name if alternative("sp:Binding")="Transport"
   alternative("BootstrapPolicy") for SecureConversationToken in Transport binding;
      the bootstrap alternative is expressed as subnodes of the BootstrapPolicy node.

   alternative("sp:ProtectionToken")=1 if Protection token
   alternative("sp:Tokens","sp:SignatureToken") is a token
   alternative("sp:Tokens","sp:EncryptionToken") is a token

   alternative("SecureConversationToken") is the token id of the SecureConversationToken in this alternative

   alternative("sp:InitiatorToken")=1 if Initiator token
   alternative("sp:RecipientToken")=1 if Recipient token
   alternative("sp:Tokens","sp:InitiatorSignatureToken") is a token
   alternative("sp:Tokens","sp:InitiatorEncryptionToken") is a token
   alternative("sp:Tokens","sp:RecipientSignatureToken") is a token
   alternative("sp:Tokens","sp:RecipientEncryptionToken") is a token

   alternative("sp:RequireSignatureConfirmation")=1
   alternative("sp:MustSupportRefKeyIdentifier")=1
   alternative("sp:MustSupportRefIssuerSerial")=1
   alternative("sp:MustSupportRefThumbprint")=1
   alternative("sp:MustSupportRefEncryptedKey")=1
 Supporting tokens are stored as
   alternative("sp:Tokens")=number of tokens
   alternative("sp:Tokens",index) is token
   alternative("sp:Tokens",index,":type")=tokenType, tokenType is one of [Signed][Endorsing][Encrypted]Supporting
   alternative("sp:Tokens",index,"sp:AlgorithmSuite")=(Basic256 | Basic192 | Basic128) [ Sha256 ] [ Rsa15 ]
   alternative("sp:Tokens",index,"sp:SignedParts","Body")=1
   alternative("sp:Tokens",index,"sp:SignedParts","Header",namespace)=1 if all headers in namespace
   alternative("sp:Tokens",index,"sp:SignedParts","Header",namespace,name)=1 for individual header
 Tokens are stored as follows where id is supporting token index or token name:
   alternative("sp:Tokens",id)=type (UsernameToken, X509Token, SamlToken, SecureConversationToken, KeyValueToken)
   alternative("sp:Tokens",id,"NoPassword")=1 optional for UsernameToken
   alternative("sp:Tokens",id,"HashPassword")=1 optional for UsernameToken
   alternative("sp:Tokens",id,"Include")="Never" | "Once" | "AlwaysToRecipient" | "AlwaysToInitiator" | "Always" | ""
   alternative("sp:Tokens",id,"Username")=user name if UsernameToken
   alternative("sp:Tokens",id,"Password")=password if UsernameToken
   alternative("sp:Tokens",id,"FindField")=field to identify X509 credentials if X509Token or KeyValueToken
   alternative("sp:Tokens",id,"FindValue")=value of field to identify X509 credentials if X509Token or KeyValueToken
   alternative("sp:Tokens",id,"PrivateKeyPassword")=password for private key in X509 credentials if X509Token or KeyValueToken
   alternative("sp:Tokens",id,"RequireDerivedKeys")=1 for X509Token, SecureConversationToken or SamlToken
   alternative("sp:Tokens",id,"RequireExplicitDerivedKeys")=1 for X509Token, SecureConversationToken or SamlToken
   alternative("sp:Tokens",id,"RequireImpliedDerivedKeys")=1 for X509Token, SecureConversationToken or SamlToken
   alternative("sp:Tokens",id,"RequireKeyIdentifierReference")=1 for X509Token or SamlToken
   alternative("sp:Tokens",id,"RequireIssuerSerialReference")=1 for X509Token
   alternative("sp:Tokens",id,"RequireThumbprintReference")=1 for X509Token
   alternative("sp:Tokens",id,"RequireExternalUriReference")=1 for SecureConversationToken
   alternative("sp:Tokens",id,"MustNotSendCancel")=1 for SecureConversationToken
   alternative("sp:Tokens",id,"Lifetime")=lifetime duration in hours for SecureConversationToken
   alternative("sp:Tokens",id,"BootstrapPolicy") for SecureConversationToken;
      the bootstrap alternative is expressed as subnodes of the BootstrapPolicy node.
   alternative("sp:Tokens",id,"Token")=UsernameToken, SamlToken, X509Token, SecureConversationToken or KeyValueToken
   alternative("sp:Tokens",id,"Token") is not stored in disk copy.
   alternative("sp:Tokens",id,"TokenAdded")=1 if added to message
   alternative("sp:Tokens",id,"TokenAdded") is not stored in disk copy.
   alternative("sp:Tokens",id,"DerivedKey") is not stored in disk copy.
   alternative("TokenList",oref)=1 is oref of token to be used and is not stored in disk copy.
   See method Analyze...Token for details.
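The layout above is a set of conditions on which nodes may appear together (SignatureIndex only under the Asymmetric binding, HttpUsername only under Transport with sp:HttpBasicAuthentication, RequireThumbprintReference only on an X509Token, and so on). The following is an added example, not code from InterSystems or from this class, that models the alternative array as a Python dict keyed by the subscript tuples and checks a constructed alternative against exactly those documented conditions; it also shows which nodes are dropped when producing the "disk copy". The sample policy, its header namespace and the index values are constructed for illustration.

```python
"""Model of a %SOAP.Security.Policy 'alternative' array plus a consistency check.

Added example, not InterSystems code. The Cache multidimensional array
alternative(sub1,sub2,...)=value is modelled as a dict whose keys are the
subscript tuples, so alternative("sp:Tokens",id,"Include") becomes
alt[("sp:Tokens", id, "Include")]. Every rule below is a condition stated in
the class description; the sample alternative is constructed for this example.
"""
from itertools import product

BINDINGS = {"Transport", "Symmetric", "Asymmetric"}
LAYOUTS = {"Lax", "Strict", "LaxTsFirst", "LaxTsLast"}
INCLUDES = {"Never", "Once", "AlwaysToRecipient", "AlwaysToInitiator", "Always", ""}
TOKEN_TYPES = {"UsernameToken", "X509Token", "SamlToken", "SecureConversationToken", "KeyValueToken"}
# (Basic256 | Basic192 | Basic128) [ Sha256 ] [ Rsa15 ]
ALGORITHM_SUITES = {"".join(p) for p in product(("Basic256", "Basic192", "Basic128"), ("", "Sha256"), ("", "Rsa15"))}
# [Signed][Endorsing][Encrypted]Supporting
SUPPORTING_TYPES = {"".join(p) + "Supporting" for p in product(("", "Signed"), ("", "Endorsing"), ("", "Encrypted"))}

# Token sub-nodes and the token types the description documents them for.
TOKEN_NODE_TYPES = {
    "NoPassword": {"UsernameToken"}, "HashPassword": {"UsernameToken"},
    "Username": {"UsernameToken"}, "Password": {"UsernameToken"},
    "FindField": {"X509Token", "KeyValueToken"}, "FindValue": {"X509Token", "KeyValueToken"},
    "PrivateKeyPassword": {"X509Token", "KeyValueToken"},
    "RequireDerivedKeys": {"X509Token", "SecureConversationToken", "SamlToken"},
    "RequireExplicitDerivedKeys": {"X509Token", "SecureConversationToken", "SamlToken"},
    "RequireImpliedDerivedKeys": {"X509Token", "SecureConversationToken", "SamlToken"},
    "RequireKeyIdentifierReference": {"X509Token", "SamlToken"},
    "RequireIssuerSerialReference": {"X509Token"}, "RequireThumbprintReference": {"X509Token"},
    "RequireExternalUriReference": {"SecureConversationToken"},
    "MustNotSendCancel": {"SecureConversationToken"}, "Lifetime": {"SecureConversationToken"},
    "BootstrapPolicy": {"SecureConversationToken"},
}
# Token sub-nodes the description marks "not stored in disk copy".
TRANSIENT_TOKEN_NODES = {"Token", "TokenAdded", "DerivedKey"}


def token_ids(alt):
    """Ids (supporting-token index or token name) with alternative("sp:Tokens",id)=type."""
    return {k[1] for k in alt if len(k) == 2 and k[0] == "sp:Tokens"}


def check_alternative(alt):
    """Return a list of violations of the documented node conditions (empty = consistent)."""
    problems = []
    binding = alt.get(("sp:Binding",))
    if binding not in BINDINGS:
        problems.append(f"sp:Binding must be one of {sorted(BINDINGS)}, got {binding!r}")
    if ("sp:Layout",) in alt and alt[("sp:Layout",)] not in LAYOUTS:
        problems.append(f"sp:Layout {alt[('sp:Layout',)]!r} is not a known layout")
    if ("sp:AlgorithmSuite",) in alt and alt[("sp:AlgorithmSuite",)] not in ALGORITHM_SUITES:
        problems.append(f"sp:AlgorithmSuite {alt[('sp:AlgorithmSuite',)]!r} is not a known suite")
    if ("SignatureIndex",) in alt and binding != "Asymmetric":
        problems.append("SignatureIndex is only stored for the Asymmetric binding")
    if ("EncryptionIndex",) in alt and binding not in ("Asymmetric", "Symmetric"):
        problems.append("EncryptionIndex is only stored for the Asymmetric or Symmetric binding")
    for node in ("sp:HttpBasicAuthentication", "sp:RequireClientCertificate", "SSLConfiguration"):
        if (node,) in alt and binding != "Transport":
            problems.append(f"{node} requires the Transport binding")
    for node in ("HttpUsername", "HttpPassword"):
        if (node,) in alt and not (binding == "Transport" and ("sp:HttpBasicAuthentication",) in alt):
            problems.append(f"{node} requires the Transport binding with sp:HttpBasicAuthentication")
    # Supporting tokens: alternative("sp:Tokens")=n and each index 1..n carries a ":type".
    for index in range(1, alt.get(("sp:Tokens",), 0) + 1):
        if ("sp:Tokens", index) not in alt:
            problems.append(f"supporting token {index} is counted but not defined")
        elif alt.get(("sp:Tokens", index, ":type")) not in SUPPORTING_TYPES:
            problems.append(f"supporting token {index} has a missing or unknown :type")
    # Per-token nodes must match the token type.
    for tid in token_ids(alt):
        ttype = alt[("sp:Tokens", tid)]
        if ttype not in TOKEN_TYPES:
            problems.append(f"token {tid!r} has unknown type {ttype!r}")
            continue
        if ("sp:Tokens", tid, "Include") in alt and alt[("sp:Tokens", tid, "Include")] not in INCLUDES:
            problems.append(f"token {tid!r}: unknown Include value")
        for key in alt:
            if len(key) >= 3 and key[0] == "sp:Tokens" and key[1] == tid:
                allowed = TOKEN_NODE_TYPES.get(key[2])
                if allowed is not None and ttype not in allowed:
                    problems.append(f"token {tid!r}: {key[2]} is not defined for {ttype}")
    return problems


def disk_copy(alt):
    """Copy of the alternative without the nodes that are 'not stored in disk copy'."""
    return {k: v for k, v in alt.items()
            if k[0] != "TokenList"
            and not (len(k) >= 3 and k[0] == "sp:Tokens" and k[2] in TRANSIENT_TOKEN_NODES)}


def sample_alternative():
    """Constructed asymmetric-binding alternative with one signed supporting UsernameToken."""
    return {
        ("sp:Binding",): "Asymmetric", ("sp:Layout",): "Strict", ("sp:IncludeTimestamp",): "",
        ("sp:AlgorithmSuite",): "Basic256Sha256",
        ("sp:SignedParts", "Body"): 1,
        ("sp:SignedParts", "Header", "http://www.w3.org/2005/08/addressing"): 1,  # sample namespace
        ("sp:EncryptedParts", "Body"): 1,
        ("sp:InitiatorToken",): 1, ("sp:RecipientToken",): 1,
        ("sp:Tokens", "sp:InitiatorSignatureToken"): "X509Token",
        ("sp:Tokens", "sp:InitiatorSignatureToken", "Include"): "AlwaysToRecipient",
        ("sp:Tokens", "sp:InitiatorSignatureToken", "RequireThumbprintReference"): 1,
        ("sp:Tokens", "sp:RecipientSignatureToken"): "X509Token",
        ("sp:Tokens", "sp:RecipientSignatureToken", "Include"): "Never",
        ("sp:Tokens", "sp:RecipientSignatureToken", "RequireIssuerSerialReference"): 1,
        ("sp:Tokens",): 1,
        ("sp:Tokens", 1): "UsernameToken", ("sp:Tokens", 1, ":type"): "SignedSupporting",
        ("sp:Tokens", 1, "HashPassword"): 1, ("sp:Tokens", 1, "Include"): "AlwaysToRecipient",
        ("sp:Tokens", 1, "TokenAdded"): 1,  # transient: dropped by disk_copy()
        ("SignatureIndex",): 1, ("EncryptionIndex",): 2,  # sample element positions
    }


if __name__ == "__main__":
    print(check_alternative(sample_alternative()))
```

Running the module prints an empty list for the constructed alternative; adding a node the description ties to another binding or token type (for example SSLConfiguration on an Asymmetric alternative, or RequireThumbprintReference on a UsernameToken) produces one violation per node. The same dict layout makes it easy to see that Password, HttpPassword and PrivateKeyPassword are ordinary nodes of the array, which is worth remembering when an alternative is dumped for debugging.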

Method Inventory

Parameters

parameter PREFIX = sp;
Prefix for this type of policy

Methods

classmethod GetBootstrapPolicy(ByRef alternative, tokenId As %String, Output bootstrap)
Get the bootstrap policy for this alternative
classmethod UpdateBootstrapPolicy(ByRef alternative, tokenId As %String, Output bootstrap)
Update the bootstrap policy for this alternative after validate
method ValidateProtectTokens(isig As %Integer, tokenIdx As %Integer, ByRef alternative) as %Boolean
Validate the ProtectTokens assertion
