Sunday, August 23, 2009

What are policy subjects, and where do security policy assertions go?

The entities with which policies are associated are called policy subjects.

For example, you can associate a policy with an endpoint, in which case the endpoint is the policy subject. Multiple policies can be associated with any given policy subject. The WS-Policy framework supports the following kinds of policy subject:

• Service policy subject.

• Endpoint policy subject.

• Operation policy subject.

• Message policy subject.

Service policy subject
To associate a policy with a service, insert either a <wsp:Policy> element or a <wsp:PolicyReference> element as a sub-element of the following WSDL 1.1 element:

wsdl:service — apply the policy to all of the ports (endpoints) offered by this service.

Endpoint policy subject
To associate a policy with an endpoint, insert either a <wsp:Policy> element or a <wsp:PolicyReference> element as a sub-element of any of the following WSDL 1.1 elements:

wsdl:portType — apply the policy to all of the ports (endpoints) that use this port type.

wsdl:binding — apply the policy to all of the ports that use this binding.

wsdl:port — apply the policy to this endpoint only.

A wsdl:service can have multiple wsdl:port elements. Each wsdl:port references a single wsdl:binding, and each wsdl:binding references a wsdl:portType.

Operation policy subject
To associate a policy with an operation, insert either a <wsp:Policy> element or a <wsp:PolicyReference> element as a sub-element of any of the following WSDL 1.1 elements:

wsdl:portType/wsdl:operation

wsdl:binding/wsdl:operation

Message policy subject
To associate a policy with a message, insert either a <wsp:Policy> element or a <wsp:PolicyReference> element as a sub-element of any of the following WSDL 1.1 elements:

wsdl:message

wsdl:portType/wsdl:operation/wsdl:input

wsdl:portType/wsdl:operation/wsdl:output

wsdl:portType/wsdl:operation/wsdl:fault

wsdl:binding/wsdl:operation/wsdl:input

wsdl:binding/wsdl:operation/wsdl:output

wsdl:binding/wsdl:operation/wsdl:fault

The following are the policy assertions and their corresponding policy subjects, as per WS-SecurityPolicy.

Endpoint Policy Subject Assertions

1) Security Binding Assertions
TransportBinding Assertion
SymmetricBinding Assertion
AsymmetricBinding Assertion

2) Token Assertions
SupportingTokens Assertion
SignedSupportingTokens Assertion
EndorsingSupportingTokens Assertion
SignedEndorsingSupportingTokens Assertion

3) WSS: SOAP Message Security 1.0 Assertions
Wss10 Assertion

4) WSS: SOAP Message Security 1.1 Assertions
Wss11 Assertion

5) Trust 1.0 Assertions
Trust10 Assertion

Operation Policy Subject Assertions

1) Supporting Token Assertions
SupportingTokens Assertion
SignedSupportingTokens Assertion
EndorsingSupportingTokens Assertion
SignedEndorsingSupportingTokens Assertion

Message Policy Subject Assertions

1) Supporting Token Assertions
SupportingTokens Assertion
SignedSupportingTokens Assertion
EndorsingSupportingTokens Assertion
SignedEndorsingSupportingTokens Assertion

2) Protection Assertions
SignedParts Assertion
SignedElements Assertion
EncryptedParts Assertion
EncryptedElements Assertion
RequiredElements Assertion
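The attachment rules and the assertion lists above can be checked mechanically. The following is an added example, not code from the original post: it walks a WSDL, works out the policy subject of each policy attachment from the WSDL element it sits in, and flags top-level assertions that the lists above do not place on that subject. The function names, the constructed sample WSDL and the choice of the WS-Policy 1.2 namespace are assumptions.

```python
import xml.etree.ElementTree as ET
WSP = "{http://schemas.xmlsoap.org/ws/2004/09/policy}"  # WS-Policy 1.2 (assumed version)
WSU_ID = "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Id"
TOKENS = {p + "SupportingTokens" for p in ("", "Signed", "Endorsing", "SignedEndorsing")}
ALLOWED = {"operation": TOKENS,  # assertion placement as listed in the post
           "endpoint": TOKENS | {"TransportBinding", "SymmetricBinding",
                                 "AsymmetricBinding", "Wss10", "Wss11", "Trust10"},
           "message": TOKENS | {"SignedParts", "SignedElements", "EncryptedParts",
                                "EncryptedElements", "RequiredElements"}}
SUBJECT = {"service": "service", "portType": "endpoint", "binding": "endpoint",
           "port": "endpoint", "operation": "operation", "message": "message",
           "input": "message", "output": "message", "fault": "message"}

def top_assertions(node):  # top-level assertion names; descend only through wsp operators
    for child in node:
        if child.tag.startswith(WSP):
            yield from top_assertions(child)
        else:
            yield child.tag.rsplit("}", 1)[-1]

def audit(wsdl_text):
    """Return (attachment path, policy subject, assertion, allowed) rows."""
    root = ET.fromstring(wsdl_text)
    by_id = {p.get(WSU_ID): p for p in root.iter(WSP + "Policy")}
    rows = []
    def walk(el, path):
        for child in el:
            if child.tag not in (WSP + "Policy", WSP + "PolicyReference"):
                walk(child, path + [child.tag.rsplit("}", 1)[-1]])
                continue
            ref = child.get("URI")  # set on wsp:PolicyReference only
            policy = by_id.get(ref.lstrip("#")) if ref else child
            subject = SUBJECT.get(path[-1]) if path else None
            if policy is not None and subject:
                rows.extend(("/".join(path), subject, a, a in ALLOWED.get(subject, ()))
                            for a in top_assertions(policy))
    walk(root, [])
    return rows

SAMPLE = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
 xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
 <wsp:Policy wsu:Id="Transport"><sp:TransportBinding/></wsp:Policy>
 <wsp:Policy wsu:Id="Body"><wsp:ExactlyOne><wsp:All><sp:SignedParts/></wsp:All></wsp:ExactlyOne></wsp:Policy>
 <wsdl:binding name="B"><wsp:PolicyReference URI="#Transport"/>
  <wsdl:operation name="op"><wsp:PolicyReference URI="#Body"/>
   <wsdl:input><wsp:Policy><sp:EncryptedParts/></wsp:Policy></wsdl:input>
 </wsdl:operation></wsdl:binding></wsdl:definitions>"""  # constructed sample
```

On the constructed sample, `audit(SAMPLE)` reports the SignedParts assertion attached at wsdl:binding/wsdl:operation as misplaced, because the lists above place protection assertions on the message policy subject only.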
