Asymmetric Binding Configuration

CentraSite 10.5 | CentraSite User’s Guide | Runtime Governance | Run-Time Policy Management | Asymmetric Binding Configuration

Obtaining Details of Asymmetric Binding

Modifying Details of Asymmetric Binding

Removing Asymmetric Binding

WS-SecurityPolicy specification deals with three types of Security Bindings. A security binding determines how the message transfer is to be done between the recipient and the initiator.

Asymmetric Binding is used when both the Initiator and the Recipient possess public and private keys. The message transfer takes place using Public Key Infrastructure.

An Asymmetric Binding element in the WSDL looks like this:

<sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:InitiatorToken>
</sp:InitiatorToken>
<sp:RecipientToken>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:TripleDesRsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:AsymmetricBinding>

The following run-time actions that support WS-Security policies use a common Asymmetric Binding element:

The Require Encryption action.

The Require Signing action.

The Require WSS SAML Token action.

The Require WSS X.509 Token action.

The Asymmetric Binding Components

The components of a security binding are:

Recipient Token Inclusion

The value of Recipient Token Inclusion specifies how to include the Recipient token during message exchange from Initiator to Recipient or Recipient to Initiator. It takes the same values as Initiator Token Inclusion above.

Algorithm Suite

The value of Algorithm Suite specifies the algorithm suite to be used for this asymmetric binding. The possible algorithms supported are:

Basic 256

Basic192

Basic128

TripleDes

Basic256Rsa15

Basic192Rsa15

Basic128Rsa15

TripleDesRsa15

Basic256Sha256

Basic192Sha256

Basic128Sha256

TripleDesSha256

Basic256Sha256Rsa15

Basic192Sha256Rsa15

Basic128Sha256Rsa15

Layout

Layout describes the way information is added to the message header. The possible values are:

Value	Description
Strict	Items are added to the security header in a principle of declare before use.
Lax	Items are added to the security header in any order that conforms to WSS: SOAP Message Security.
LaxTsFirst	Same as Lax except that the first item in the security header must be a wsse:Timestamp. The wsse:Timestamp property must also be set to true in this case.
LaxTsLast	Same as Lax except that the last item in the security header must be a wsse:Timestamp. The wsse:Timestamp property must also be set to true in this case.