%SOAP.Security.Policy
hidden class %SOAP.Security.Policy extends %Library.RegisteredObject
Implementation class for WS-SecurityPolicy in a web service configuration. WS-SecurityPolicy 1.1 and 1.2 are both supported. %SOAP.Security.Policy depends on the use of sp as the internal prefix for WS-SecurityPolicy. See %SOAP.Policy methods GetNamespaceList, GetAssertionNamespace and GetAssertionPrefix.

This class is used internally by InterSystems IRIS. You should not make direct use of it within your applications. There is no guarantee made about either the behavior or future operation of this class.

The alternative is stored as
- alternative("sp:SignedParts","Body")=1
- alternative("sp:SignedParts","Header",namespace)=1 if all headers in namespace
- alternative("sp:SignedParts","Header",namespace,name)=1 for individual header
- alternative("sp:EncryptedParts","Body")=1
- alternative("sp:RequiredParts","Header",namespace,name)=1
- alternative("sp:Binding")="Transport", "Symmetric" or "Asymmetric"
- alternative("sp:IncludeTimestamp")="" or cfg:Id
- alternative("sp:ProtectTokens")=1
- alternative("sp:EncryptSignature")=1
- alternative("sp:EncryptBeforeSigning")=1
- alternative("sp:OnlySignEntireHeadersAndBody")=1
- alternative("sp:AlgorithmSuite")=(Basic256 | Basic192 | Basic128) [ Sha256 ] [ Rsa15 ]
- alternative("sp:Layout")="Lax" or "Strict" or "LaxTsFirst" or "LaxTsLast"
- alternative("sp:RequireClientEntropy")=1
- alternative("sp:RequireServerEntropy")=1
- alternative("sp:MustSupportIssuedTokens")=1
- alternative("SignatureIndex")=index of signature in SecurityIn element list if alternative("sp:Binding")="Asymmetric"
- alternative("EncryptionIndex")=index of EncryptedKey or ReferenceList in SecurityIn element list if alternative("sp:Binding")="Asymmetric" or "Symmetric"
- alternative("sp:HttpBasicAuthentication")=1 if alternative("sp:Binding")="Transport"
- alternative("HttpUsername")=user name if alternative("sp:Binding")="Transport" and sp:HttpBasicAuthentication
- alternative("HttpPassword")=password if alternative("sp:Binding")="Transport" and sp:HttpBasicAuthentication
- alternative("sp:RequireClientCertificate")=1 if alternative("sp:Binding")="Transport"
- alternative("SSLConfiguration")=SSL configuration name if alternative("sp:Binding")="Transport"
- alternative("BootstrapPolicy") for SecureConversationToken in Transport binding; the alternative is expressed as subnodes of the BootstrapPolicy node.
- alternative("sp:ProtectionToken")=1 if Protection token
- alternative("sp:Tokens","sp:SignatureToken") is a token
- alternative("sp:Tokens","sp:EncryptionToken") is a token
- alternative("SecureConversationToken") is the token id of the SecureConversationToken in this alternative
- alternative("sp:InitiatorToken")=1 if Initiator token
- alternative("sp:RecipientToken")=1 if Recipient token
- alternative("sp:Tokens","sp:InitiatorSignatureToken") is a token
- alternative("sp:Tokens","sp:InitiatorEncryptionToken") is a token
- alternative("sp:Tokens","sp:RecipientSignatureToken") is a token
- alternative("sp:Tokens","sp:RecipientEncryptionToken") is a token
- alternative("sp:RequireSignatureConfirmation")=1
- alternative("sp:MustSupportRefKeyIdentifier")=1
- alternative("sp:MustSupportRefIssuerSerial")=1
- alternative("sp:MustSupportRefThumbprint")=1
- alternative("sp:MustSupportRefEncryptedKey")=1

Supporting tokens are stored as
- alternative("sp:Tokens")=number of tokens
- alternative("sp:Tokens",index) is token
- alternative("sp:Tokens",index,":type")=tokenType, tokenType is one of [Signed][Endorsing][Encrypted]Supporting
- alternative("sp:Tokens",index,"sp:AlgorithmSuite")=(Basic256 | Basic192 | Basic128) [ Sha256 ] [ Rsa15 ]
- alternative("sp:Tokens",index,"sp:SignedParts","Body")=1
- alternative("sp:Tokens",index,"sp:SignedParts","Header",namespace)=1 if all headers in namespace
- alternative("sp:Tokens",index,"sp:SignedParts","Header",namespace,name)=1 for individual header

Tokens are stored as follows where id is supporting token index or token name:
- alternative("sp:Tokens",id)=type (UsernameToken, X509Token, SamlToken, SecureConversationToken, KeyValueToken)
- alternative("sp:Tokens",id,"NoPassword")=1 optional for UsernameToken
- alternative("sp:Tokens",id,"HashPassword")=1 optional for UsernameToken
- alternative("sp:Tokens",id,"Include")="Never" | "Once" | "AlwaysToRecipient" | "AlwaysToInitiator" | "Always" | ""
- alternative("sp:Tokens",id,"Username")=user name if UsernameToken
- alternative("sp:Tokens",id,"Password")=password if UsernameToken
- alternative("sp:Tokens",id,"FindField")=field to identify X509 credentials if X509Token or KeyValueToken
- alternative("sp:Tokens",id,"FindValue")=value of field to identify X509 credentials if X509Token or KeyValueToken
- alternative("sp:Tokens",id,"PrivateKeyPassword")=password for private key in X509 credentials if X509Token or KeyValueToken
- alternative("sp:Tokens",id,"RequireDerivedKeys")=1 for X509Token, SecureConversationToken or SamlToken
- alternative("sp:Tokens",id,"RequireExplicitDerivedKeys")=1 for X509Token, SecureConversationToken or SamlToken
- alternative("sp:Tokens",id,"RequireImpliedDerivedKeys")=1 for X509Token, SecureConversationToken or SamlToken
- alternative("sp:Tokens",id,"RequireKeyIdentifierReference")=1 for X509Token or SamlToken
- alternative("sp:Tokens",id,"RequireIssuerSerialReference")=1 for X509Token
- alternative("sp:Tokens",id,"RequireThumbprintReference")=1 for X509Token
- alternative("sp:Tokens",id,"RequireExternalUriReference")=1 for SecureConversationToken
- alternative("sp:Tokens",id,"MustNotSendCancel")=1 for SecureConversationToken
- alternative("sp:Tokens",id,"Lifetime")=lifetime duration in hours for SecureConversationToken
- alternative("sp:Tokens",id,"BootstrapPolicy") for SecureConversationToken; the alternative is expressed as subnodes of the BootstrapPolicy node.
- alternative("sp:Tokens",id,"Token")=UsernameToken, SamlToken, X509Token, SecureConversationToken or KeyValueToken. alternative("sp:Tokens",id,"Token") is not stored in disk copy.
- alternative("sp:Tokens",id,"TokenAdded")=1 if added to message. alternative("sp:Tokens",id,"TokenAdded") is not stored in disk copy.
- alternative("sp:Tokens",id,"DerivedKey") is not stored in disk copy.
- alternative("TokenList",oref)=1 is oref of token to be used and is not stored in disk copy.

See method Analyze...Token for details.
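Added example (not InterSystems code): the storage layout above, modelled in Python as a dict keyed by subscript tuples and walked to report the algorithms an sp:AlgorithmSuite value implies and to find the nodes the list documents as holding passwords. It assumes the suite value is stored as the concatenated WS-SecurityPolicy suite name (for example Basic128Rsa15); parse_suite, review, redact and SAMPLE are hypothetical names, and the digest and key-wrap mapping follows the WS-SecurityPolicy algorithm suite definitions.

```python
import re

# Assumption: the stored value is the concatenated suite name, e.g. "Basic256Sha256Rsa15".
SUITE_RE = re.compile(r"^Basic(256|192|128)(Sha256)?(Rsa15)?$")
# Leaf subscripts the page documents as holding passwords.
SECRET_LEAVES = {"Password", "PrivateKeyPassword", "HttpPassword"}

def parse_suite(name):
    """Split a suite name into the algorithms WS-SecurityPolicy assigns to it."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"not a suite named on the page: {name!r}")
    return {"aes_bits": int(m.group(1)),
            "digest": "SHA-256" if m.group(2) else "SHA-1",
            "key_wrap": "RSA PKCS#1 v1.5" if m.group(3) else "RSA-OAEP"}

def review(alt):
    """Return (subscripts, finding) pairs for one policy alternative."""
    findings = []
    for subs, value in sorted(alt.items(), key=lambda kv: [str(s) for s in kv[0]]):
        leaf = subs[-1]
        if leaf == "sp:AlgorithmSuite":
            suite = parse_suite(value)
            if suite["digest"] == "SHA-1":
                findings.append((subs, "suite digest is SHA-1"))
            if suite["key_wrap"] == "RSA PKCS#1 v1.5":
                findings.append((subs, "suite key wrap is RSA PKCS#1 v1.5"))
        elif leaf in SECRET_LEAVES and value:
            findings.append((subs, "node holds a password; redact before logging"))
    return findings

def redact(alt):
    """Copy of the alternative with password nodes masked, safe to print."""
    return {s: ("***" if s[-1] in SECRET_LEAVES and v else v) for s, v in alt.items()}

# Constructed sample: Transport binding with one signed supporting UsernameToken.
SAMPLE = {
    ("sp:Binding",): "Transport",
    ("sp:AlgorithmSuite",): "Basic128Rsa15",
    ("sp:Tokens",): 1,
    ("sp:Tokens", 1): "UsernameToken",
    ("sp:Tokens", 1, ":type"): "SignedSupporting",
    ("sp:Tokens", 1, "Username"): "svc-orders",
    ("sp:Tokens", 1, "Password"): "constructed-secret",
    ("sp:Tokens", 1, "sp:AlgorithmSuite"): "Basic256Sha256",
}

if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```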
Method Inventory
Parameters
parameter PREFIX = sp;
Prefix for this type of policy
Methods
classmethod GetBootstrapPolicy(ByRef alternative, tokenId As %String, Output bootstrap)
Get the bootstrap policy for this alternative
classmethod UpdateBootstrapPolicy(ByRef alternative, tokenId As %String, Output bootstrap)
Update the bootstrap policy for this alternative after validate
Validate the ProtectTokens assertion
Inherited Members
Inherited Methods
- %AddToSaveSet()
- %ClassIsLatestVersion()
- %ClassName()
- %ConstructClone()
- %DispatchClassMethod()
- %DispatchGetModified()
- %DispatchGetProperty()
- %DispatchMethod()
- %DispatchSetModified()
- %DispatchSetMultidimProperty()
- %DispatchSetProperty()
- %Extends()
- %GetParameter()
- %IsA()
- %IsModified()
- %New()
- %NormalizeObject()
- %ObjectModified()
- %OriginalNamespace()
- %PackageName()
- %RemoveFromSaveSet()
- %SerializeObject()
- %SetModified()
- %ValidateObject()