To install click the Add extension button. That's it.

The source code for the WIKI 2 extension is being checked by specialists of the Mozilla Foundation, Google, and Apple. You could also do it yourself at any point in time.

How to transfigure the Wikipedia

Would you like Wikipedia to always look as professional and up-to-date? We have created a browser extension. It will enhance any encyclopedic page you visit with the magic of the WIKI 2 technology.

Try it — you can delete it anytime.

Install in 5 seconds
4,5
Kelly Slayton
Congratulations on this excellent venture… what a great idea!
Alexander Grigorievskiy
I use WIKI 2 every day and almost forgot how the original Wikipedia looks like.
Live Statistics
English Articles
Improved in 24 Hours
Added in 24 Hours
Languages
Recent
Show all languages
What we do. Every page goes through several hundred of perfecting techniques; in live mode. Quite the same Wikipedia. Just better.
Great Wikipedia has got greater.
.
Leo
Newton
Brights
Milds

WS-SecurityPolicy

From Wikipedia, the free encyclopedia

WS-Security Policy is a web services specification, created by IBM and 12 co-authors, that has become an OASIS standard as of version 1.2. It extends the fundamental security protocols specified by the WS-Security, WS-Trust and WS-Secure Conversation by offering mechanisms to represent the capabilities and requirements of web services as policies. Security policy assertions are based on the WS-Policy framework.

Policy assertions can be used to require more generic security attributes like transport layer security <TransportBinding>, message level security <AsymmetricBinding> or timestamps, and specific attributes like token types.

Most policy assertion can be found in following categories:

  • Protection assertions identify the elements of a message that are required to be signed, encrypted or existent.
  • Token assertions specify allowed token formats (SAML, X509, Username etc.).
  • Security binding assertions control basic security safeguards like transport and message level security, cryptographic algorithm suite and required timestamps.
  • Supporting token assertions add functions like user sign-on using a username token.

Policies can be used to drive development tools to generate code with certain capabilities, or may be used at runtime to negotiate the security aspects of web service communication. Policies may be attached to WSDL elements such as service, port, operation and message, as defined in WS Policy Attachment.[1]

YouTube Encyclopedic

  • 1/3
    Views:
    17 290
    3 306
    831
  • Create a SOAP Web Service in Tibco BW and invoke it using Tibco BW and SOAP UI
  • Encoding and Decoding of SOAP message in Web Service Asp.Net C# || Part-13
  • Information Sharing for Cybersecurity

Transcription

Sample Policies

Namespaces used by the following XML-snippets: 

<p:Policy 
   xmlns:p="http://www.w3.org/ns/ws-policy"
   xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802">
   ...
</p:Policy>

Include a timestamp: 

<sp:IncludeTimestamp />

Use either transport layer security (https) or message level security (XML Dsig/XML Enc): 

<ExactlyOne>
  <sp:TransportBinding>...</sp:TransportBinding>
  <sp:AsymmetricBinding>...</sp:AsymmetricBinding >
</ExactlyOne>

To define a SAML assertion as security token: 

<sp:IssuedToken>
  <sp:RequestSecurityTokenTemplate>
    <wst:TokenType>...#SAMLV2.0</wst:TokenType>
  </sp:RequestSecurityTokenTemplate>
</sp:IssuedToken>

Issued token assertion of providers with reference to the STS and required token format: 

<sp:IssuedToken>
  <sp:Issuer>
    <wsa:EndpointReference>
      <wsa:Address>http://sampleorg.com/sts</wsa:Address>
     </wsa:EndpointReference>
  </sp:Issuer>
  <sp:RequestSecurityTokenTemplate>
    <wst:TokenType>
       http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
    </wst:TokenType>
        ...
  </sp:RequestSecurityTokenTemplate>
  ...
</sp:IssuedToken>

Specify that message header and body need to be signed, and attachments are left unsigned: 

<sp:SignedParts xmlns:sp="..." ... >
  <sp:Body />?
  <sp:Header Name="Dx:NCName"? Namespace="Xd:anyURI" ... />*
...
</sp:SignedParts>

specify that message open source license need to be signed, and hydra security are left unsigned: 

<sp:signedparts http:np="..."...>
<sp:Hydrasecurity />?
<sp:Opensourcelicense Name="Hs:NCName"? Namespace="Sh:anyURI" .../>*
...
</sp:SignedParts>

Other WS policy languages

The term Web Services Security Policy Language is used for two different XML-based languages:

  1. As described above, based on the WS-Policy framework, as defined in,[2] published as version 1.3 in Feb. 2009
  2. WSPL, based on XACML profile for Web-services, but that was not finalized.[3]

See also

References

  1. ^ http://www.w3.org/TR/ws-policy-attach/ WS-Policy - Attachment
  2. ^ http://www.oasis-open.org/specs/index.php#ws-secpol WS-SecurityPolicy
  3. ^ http://www.oasis-open.org/committees/download.php/1608/wd-xacml-wspl-use-cases-04.pdf Web-services policy language use cases and requirements (draft)

External links

This page was last edited on 13 September 2023, at 00:54
Basis of this page is in Wikipedia. Text is available under the CC BY-SA 3.0 Unported License. Non-text media are available under their specified licenses. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc. WIKI 2 is an independent company and has no affiliation with Wikimedia Foundation.
Contact WIKI 2
Introduction
Terms of Service
Privacy Policy