Main and bootstrap policy settings

Use this page to specify how message security policies are applied to requests and enforced on responses. Assertions for Web Services Security (WS-Security) versions are already generated based on assertions in the policy set. If the policy set includes a Web Services Security Version 1.1 assertion, then Web Services Security Version 1.1 itself is asserted.

To view this administrative console page, use one of the following steps:
  1. Click Services > Policy sets > Application policy sets > policy_set_name.
  2. Click the WS-Security policy in the Policies table.
  3. Click the Main policy link or the Bootstrap policy link.

Message level protection

Specifies whether message level protection (using digital signatures and encryption) is required.

Require signature confirmation

Specifies whether the signature confirmation is required. Select this box to require signature confirmation.

Key Symmetry – Use symmetric tokens

Specifies whether to use symmetric tokens. Select this radio button to use symmetric tokens. You can then configure symmetric tokens using the Symmetric signature and encryption policies link. Click this link to access the Symmetric Signature and Encryption Policies panel where you can create the trust context in which to use symmetric tokens. Using the same token for signing and validating messages and encrypting and decrypting messages provides better performance than can be achieved with asymmetric tokens. Symmetric tokens should be used within a trust context.

Key Symmetry – Use asymmetric tokens

Specifies whether to use asymmetric tokens. Select this button to use asymmetric tokens. You can then configure asymmetric tokens using the Asymmetric signature and encryption policies link. Click this link to access the Asymmetric Signature and Encryption Policies panel where you can create the trust context (message integrity and confidentiality) in which to use asymmetric tokens. You can do this by specifying which token type to use for the initiator and recipient signature as well as the initiator and recipient encryption.

Include time stamp in security header

Specifies whether to use a time stamp in the header. Select this check box to include a time stamp in the header. You can then specify where in the header to place the time stamp by using the Security header layout: radio buttons.

Security header layout:

Specifies the layout rules for the security header.

You can use the following radio buttons for the security header layout:
Strict - declarations must precede use
The declarations in the header must precede the use.
Lax - order of contents can vary
The order of contents in the header can vary.
Lax but timestamp required first in header
The timestamp must be first in the header but the order of the remaining elements can vary.
Lax but timestamp required last in header
The timestamp must be last in the header but the order of the remaining elements can vary.
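
The four layout rules above can be checked against a captured wsse:Security header. The following Python code is an added example, not code from the product or its documentation. The layout labels (strict, lax, lax_ts_first, lax_ts_last), the sample headers and the reading of "declarations must precede use" as "an element carrying an Id appears before any wsse:Reference or ds:Reference in the header that points to it" are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted input, parse with defusedxml instead

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
WSSE, WSU = WSS + "secext-1.0.xsd", WSS + "utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
TIMESTAMP = f"{{{WSU}}}Timestamp"
REF_TAGS = {f"{{{WSSE}}}Reference", f"{{{DS}}}Reference"}
ID_ATTRS = (f"{{{WSU}}}Id", "Id")

def _ids(elem):
    """Ids declared on elem or any of its descendants (wsu:Id or plain Id)."""
    return {e.get(a) for e in elem.iter() for a in ID_ATTRS if e.get(a)}

def check_layout(security_xml, layout):
    """Return the violations of `layout` found in one wsse:Security header."""
    children = list(ET.fromstring(security_xml))
    tags = [c.tag for c in children]
    if layout == "lax":
        return []
    if layout == "lax_ts_first":
        return [] if tags[:1] == [TIMESTAMP] else ["timestamp is not first"]
    if layout == "lax_ts_last":
        return [] if tags[-1:] == [TIMESTAMP] else ["timestamp is not last"]
    if layout != "strict":
        raise ValueError(f"unknown layout: {layout}")
    # Assumed reading of Strict: a same-document reference may only point at an
    # Id declared by an earlier header child. Targets outside the header
    # (for example the SOAP body) are not ordering questions and are skipped.
    in_header = set().union(*map(_ids, children))
    declared, problems = set(), []
    for child in children:
        for ref in child.iter():
            uri = ref.get("URI", "")
            if (ref.tag in REF_TAGS and uri.startswith("#")
                    and uri[1:] in in_header - declared):
                problems.append(f"{uri} is used before it is declared")
        declared |= _ids(child)
    return problems

# Constructed sample header children (no real key material or signature values).
_TS, _TOKEN = '<wsu:Timestamp wsu:Id="TS-1"/>', '<wsse:BinarySecurityToken wsu:Id="X509-1"/>'
_SIG = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#TS-1"/>'
        '<ds:Reference URI="#Body-1"/></ds:SignedInfo><ds:KeyInfo><wsse:SecurityTokenReference>'
        '<wsse:Reference URI="#X509-1"/></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>')

def header(*parts):
    return (f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">'
            + "".join(parts) + "</wsse:Security>")

DECLARED_FIRST, SIGNATURE_FIRST = header(_TS, _TOKEN, _SIG), header(_SIG, _TOKEN, _TS)
```

The same header can satisfy one layout and violate another: SIGNATURE_FIRST passes both lax and lax_ts_last but fails strict and lax_ts_first.
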
Policy details – Algorithms for symmetric or asymmetric tokens

Links to a view of available algorithms. Click this link to view the cryptographic and canonicalization algorithms that are supported. The canonicalization algorithms are used to reconcile XML differences.

Request policies

Links to the configuration for request message part protection and request token policies.

Request message part protection
Click this link to define which message parts you want protected and how that protection is provided.
Request token policies
Click this link to define policies that specify which types of security tokens are supported and the properties of those token types.

Response policies

Links to configuration for response message part protection and response token policies.

Response message part protection
Click this link to define which message parts you want protected and how that protection is provided.
Response token policies
Click this link to define policies that specify which types of security tokens are supported and the properties of those token types.



Related reference
Asymmetric signature and encryption policies settings
Symmetric signature and encryption policies settings
Algorithms settings
Message part protection settings
Signed part settings
Encrypted part settings
