<Confidentiality> Element
Specifies the encryption requirements for a SOAP message.
<policyDocument> Element
<policies> Element
<Policy> Element (WSE for Microsoft .NET) (1)
<Confidentiality wsp:Usage="..." wsp:Preference="..." >
<Algorithm Type="wsse:AlgEncryption"
URI="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
wsp:Preference="1"/>
<KeyInfo>
<SecurityToken />
<SecurityTokenReference />
</KeyInfo>
<MessageParts Dialect="https://schemas.xmlsoap.org/2002/12/wsse#part">
</MessageParts>
</Confidentiality>
Attributes and Elements
Attributes
Attribute | Description |
---|---|
wsp:Usage |
Required attribute. Must be wsp:Required. Setting the attribute to wsp:Required specifies that the SOAP message must be signed as specified by the assertion. |
wsp:Preference |
Optional attribute. Specifies the preferred alternative when multiple alternatives to satisfy a policy exist. The preference is expressed as an xsd:int. The higher the value of the preference, the greater the weighting of the expressed preference. If no preference is specified, a value of zero is assumed. |
Child Elements
Element | Description |
---|---|
Optionally, specifies the algorithm to use to compute the encrypted data. WSE supports wsse:AlgEncryption. |
|
Specifies the type of security token that must be used to encrypt the SOAP message. |
|
Specifies the portions of the SOAP message that must be encrypted. |
Parent Elements
Element | Description |
---|---|
Specifies a SOAP message requirement. |
Remarks
The <Confidentiality> element must contain a <KeyInfo> Element (WSE for Microsoft .NET) (1) element that contains a security token type supported by WSE.
WSE supports encryption of the <Body> element and of Username tokens, so the only valid value for the <MessageParts> element are wsp:Body()
and wse:UsernameToken()
.
The following table lists the possible values for the wsp:Usage attribute, as defined by the WS-Policy specification. WSE only supports the wsp:Required value for the wsp:Usage attribute. That is, only "required" assertions will get their policy enforcers invoked during enforcement.
Value | Description |
---|---|
wsp:Required |
Indicates that SOAP messages must be encrypted as specified in the assertion. |
wsp:Rejected |
Indicates that SOAP messages that are encrypted as specified in the assertion are explicitly not supported. |
wsp:Optional |
Indicates that SOAP messages can be optionally encrypted as specified in the assertion. |
wsp:Observed |
Indicates that SOAP messages must be encrypted as specified in the assertion. |
wsp:Ignored |
Indicates that SOAP messages are not processed to determine if they meet this encryption requirement. |
Example
The following code example defines a policy assertion named encrypted-body-x509
that requires the encryption of the <Body> element by an X509SecurityToken and that SOAP messages sent to the http://www.cohowinery.com/Service1.asmx
endpoint adhere to the policy assertion.
Note
This code example is designed to demonstrate WSE features and is not intended for production use.
<?xml version="1.0" encoding="utf-8"?>
<policyDocument xmlns="https://schemas.microsoft.com/wse/2003/06/Policy">
<mappings>
<endpoint uri="http://www.cohowinery.com/Service1.asmx">
<defaultOperation>
<request policy="#encrypted-body-x509" />
<response policy="" />
<fault policy="" />
</defaultOperation>
</endpoint>
</mappings>
<policies xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wse="https://schemas.microsoft.com/wse/2003/06/Policy"
xmlns:wsa="https://schemas.xmlsoap.org/ws/2004/03/addressing"
xmlns:wssp="https://schemas.xmlsoap.org/ws/2002/12/secext"
xmlns:wsp="https://schemas.xmlsoap.org/ws/2002/12/policy"
xmlns:wssc="https://schemas.xmlsoap.org/ws/2004/04/sc"
xmlns:rp="https://schemas.xmlsoap.org/rp">
<!--This policy requires that the body be encrypted by an X509
security token.-->
<wsp:Policy wsu:Id="encrypted-body-x509">
<wssp:Confidentiality wsp:Usage="wsp:Required">
<wssp:KeyInfo>
<wssp:SecurityToken>
<wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
</wssp:SecurityToken>
</wssp:KeyInfo>
<wssp:MessageParts xmlns:rp="https://schemas.xmlsoap.org/rp" Dialect="https://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts>
</wssp:Confidentiality>
</wsp:Policy>
</policies>
</policyDocument>
See Also
Reference
<Algorithm> Element for <Confidentiality>
<KeyInfo> Element (WSE for Microsoft .NET) (1)
<MessageParts> Element for <Confidentiality> Element