Requirements When Using Symmetric Binding
The following table describes the certificates and keys to which Integration Server requires access when using symmetric binding.
Note: Integration Server supports symmetric binding only when you implement WS-Security using WS-SecurityPolicy. The WS-Security facility does not support symmetric binding.
To use symmetric binding to... | Certificates and Keys Required

Sign outbound messages
* For an outbound request message, the consumer requires a symmetric key to sign the message. The consumer generates the symmetric key. The consumer requires the partner’s certificate to encrypt the symmetric key, which it places in the security header of the outbound request message.
* For an outbound response message, the provider requires a symmetric key to sign the message. The provider uses the encrypted symmetric key that the consumer passed in the security header of the inbound request message. To decrypt the symmetric key, the provider uses its own private key.

Verify signed inbound messages
* For an inbound response message, the consumer requires a symmetric key to verify the message signature. It uses the symmetric key it generated for the outbound request message.
* For an inbound request message, the provider requires a symmetric key to verify the message signature. The provider uses the encrypted symmetric key in the security header of the inbound request message. To decrypt the symmetric key, the provider uses its own private key.

Encrypt outbound messages
* For an outbound request message, the consumer requires a symmetric key to encrypt the message. The consumer generates the symmetric key. The consumer requires the partner’s certificate to encrypt the symmetric key, which it places in the security header of the outbound request message.
* For an outbound response message, the provider requires a symmetric key to encrypt the message. The provider uses the encrypted symmetric key that the consumer passed in the security header of the inbound request message. To decrypt the symmetric key, the provider uses its own private key.

Decrypt inbound messages
* For an inbound response message, the consumer requires a symmetric key to decrypt the message. It uses the symmetric key it generated for the outbound request message.
* For an inbound request message, the provider requires a symmetric key to decrypt the message. The provider uses the encrypted symmetric key in the security header of the inbound request message. To decrypt the symmetric key, the provider uses its own private key.
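
The signing rows of the table can be traced end to end with the standard Java crypto APIs. The following is an added illustration, not Integration Server code and not real WS-Security XML processing; the algorithms (RSA-OAEP key wrapping, HMAC-SHA256 signatures), the class name, and the sample message bodies are assumptions made for the example. The encryption rows follow the same key flow.

```java
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.*;

// Added illustration: models the key flow only, not WS-Security XML processing.
public class SymmetricBindingFlow {
    // Assumed algorithms; the page does not name any.
    static final String WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", MAC = "HmacSHA256";

    static byte[] sign(SecretKey k, byte[] body) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(MAC);
        mac.init(new SecretKeySpec(k.getEncoded(), MAC));
        return mac.doFinal(body);
    }

    public static void main(String[] args) throws Exception {
        // Provider's key pair; the consumer holds only the public half (the partner's certificate).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair provider = kpg.generateKeyPair();

        // Consumer, outbound request: generate the symmetric key, sign, wrap the key for the provider.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey consumerKey = kg.generateKey();
        byte[] request = "<getQuote/>".getBytes(StandardCharsets.UTF_8); // constructed sample body
        byte[] requestSig = sign(consumerKey, request);
        Cipher wrap = Cipher.getInstance(WRAP);
        wrap.init(Cipher.WRAP_MODE, provider.getPublic());
        byte[] encryptedKey = wrap.wrap(consumerKey); // travels in the security header

        // Provider, inbound request: unwrap with its own private key, then verify the signature.
        Cipher unwrap = Cipher.getInstance(WRAP);
        unwrap.init(Cipher.UNWRAP_MODE, provider.getPrivate());
        SecretKey providerKey = (SecretKey) unwrap.unwrap(encryptedKey, "AES", Cipher.SECRET_KEY);
        if (!MessageDigest.isEqual(requestSig, sign(providerKey, request)))
            throw new SecurityException("request signature invalid");

        // Provider, outbound response: sign with the unwrapped key; no new key is generated.
        byte[] response = "<quote>42</quote>".getBytes(StandardCharsets.UTF_8); // constructed sample body
        byte[] responseSig = sign(providerKey, response);

        // Consumer, inbound response: verify with the key it generated for the request.
        boolean ok = MessageDigest.isEqual(responseSig, sign(consumerKey, response));
        System.out.println("response signature valid: " + ok);
    }
}
```

The only asymmetric material in the exchange belongs to the provider: the consumer needs the provider's certificate, and the provider needs its own private key, which matches the requirements listed in the table.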