Friday, 26 April 2013

Oracle SOA Suite - Define Web Service Policy (WS Policy) for message level security with X509 token

WS-Security Policy 1.2 support in OracleServiceBus 11g

 

Web Service Policy (WS Policy) is a standard framework that allows Web Services to express their constraints and requirements as a collection of XML statements known as policy assertions.

The WS-Security Policy 1.2 specification from OASIS defines a set of security policy assertions for use with the WS Policy framework. The assertions defined within this specification have been designed to work independently of a specific version of WS-Policy.

Oracle Service Bus supports the WS-Security Policy 1.2 specification assertions at both Business Service and Proxy Service level.

To implement this specification, the Policy file in OSB must use the XML namespace URI below (exactly as written, with no trailing slash):

http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702

Here is a sample Policy file with an X509 Token which could be used in Oracle Service Bus to define a custom WS policy for message level security in Business or Proxy Services.

<wsp:Policy wsu:Id="someName"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:AsymmetricBinding>
                <wsp:Policy>
                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
                                <wsp:Policy>
                                    <sp:RequireThumbprintReference />
                                    <sp:WssX509V3Token10 />
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:InitiatorToken>
                    <sp:RecipientToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
                                <wsp:Policy>
                                    <sp:RequireThumbprintReference />
                                    <sp:WssX509V3Token10 />
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:RecipientToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:TripleDesRsa15 />
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Strict />
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp />
                    <sp:OnlySignEntireHeadersAndBody />
                </wsp:Policy>
            </sp:AsymmetricBinding>
           
            <sp:Wss10>
                <wsp:Policy>
                    <sp:MustSupportRefKeyIdentifier/>
                    <sp:MustSupportRefIssuerSerial/>
                </wsp:Policy>
            </sp:Wss10>
           
            <sp:SignedParts>
                <sp:Body/>
            </sp:SignedParts>
           
       </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy> 
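As an added example (not part of the original post or of any Oracle tooling), the small Python lint below parses a policy file of the shape shown above and checks the two things that most often go wrong when hand-editing one: that the sp namespace and every IncludeToken URI are the exact 200702 URIs, since a trailing slash or a dropped digit means the assertions are no longer recognised as WS-SecurityPolicy 1.2, and which AlgorithmSuite is selected, flagging suites built on 3DES or RSA PKCS#1 v1.5 key transport. The embedded policy is a constructed, trimmed copy of the sample that deliberately keeps those two slips so the lint has something to report.

```python
import xml.etree.ElementTree as ET

SP_NS_BASE = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/"
SP_NS = SP_NS_BASE + "200702"              # exact URI OSB expects, no trailing slash
INCLUDE_TOKEN_PREFIX = SP_NS + "/IncludeToken/"

def _split(qname):
    """Split an ElementTree '{ns}local' name into (ns, local)."""
    return tuple(qname[1:].split("}", 1)) if qname.startswith("{") else ("", qname)

def lint_policy(xml_text):
    """Return (algorithm_suite, findings) for one WS-SecurityPolicy 1.2 policy."""
    findings, bad_ns, suite = [], set(), None
    for elem in ET.fromstring(xml_text).iter():
        ns, local = _split(elem.tag)
        # A near-miss of the sp namespace (typo, trailing slash) means the
        # assertions are simply not recognised as WS-SecurityPolicy.
        if ns.startswith(SP_NS_BASE) and ns != SP_NS and ns not in bad_ns:
            bad_ns.add(ns)
            findings.append(f"sp namespace is {ns!r}, expected {SP_NS!r}")
        for attr, value in elem.attrib.items():
            if _split(attr)[1] == "IncludeToken" and not value.startswith(INCLUDE_TOKEN_PREFIX):
                findings.append(f"{local}: IncludeToken URI {value!r} is not under {SP_NS}")
        if local == "AlgorithmSuite":
            # The suite is the single assertion nested under AlgorithmSuite/wsp:Policy.
            names = [_split(c.tag)[1] for p in elem for c in p]
            suite = names[0] if names else None
    if suite and (suite.startswith("TripleDes") or suite.endswith("Rsa15")):
        findings.append(f"AlgorithmSuite {suite}: 3DES and RSA PKCS#1 v1.5 key transport "
                        "are legacy choices; prefer a Basic256Sha256-family suite")
    return suite, findings

# Constructed sample: a trimmed copy of the page's policy that keeps its two slips
# (trailing slash on the sp namespace, "20070" in the first IncludeToken URI).
SAMPLE = """<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/">
 <wsp:ExactlyOne><wsp:All><sp:AsymmetricBinding><wsp:Policy>
  <sp:InitiatorToken><wsp:Policy>
   <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/20070/IncludeToken/Always"/>
  </wsp:Policy></sp:InitiatorToken>
  <sp:AlgorithmSuite><wsp:Policy><sp:TripleDesRsa15/></wsp:Policy></sp:AlgorithmSuite>
  <sp:IncludeTimestamp/>
 </wsp:Policy></sp:AsymmetricBinding></wsp:All></wsp:ExactlyOne>
</wsp:Policy>"""

if __name__ == "__main__":
    for finding in lint_policy(SAMPLE)[1]:
        print("-", finding)
```

Run it against the policy file exported from OSB before deploying; an empty findings list together with the expected suite name is the pass condition.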
