

<Parent> Element

Specifies the security token that a DerivedKeyToken was derived from.

<policyDocument> Element
  <policies> Element
    <Policy> Element (WSE for Microsoft .NET) (1)
      <Confidentiality> Element
        <KeyInfo> Element (WSE for Microsoft .NET) (1)
          <SecurityToken> Element
            <Claims> Element
              <policyDocument> Element
                <policies> Element
                  <Policy> Element (WSE for Microsoft .NET) (1)
                    <Integrity> Element
                      <TokenInfo> Element
                        <SecurityToken> Element
                          <Claims> Element

<wse:Parent>
  <wssp:SecurityToken
    xmlns="https://schemas.xmlsoap.org/ws/2002/12/secext">
  </wssp:SecurityToken>
</wse:Parent>

Attributes and Elements

Attributes

None

Child Elements

Element Description

<SecurityToken> Element

Required element. The security token that a DerivedKeyToken was derived from.

Parent Elements

Element Description

<Claims> Element

Specifies requirements that are specific to a security token type.

Remarks

When a <TokenType> element specifies a DerivedKeyToken security token in a policy file by using the https://schemas.xmlsoap.org/ws/2004/04/security/sc/dk Uniform Resource Identifier (URI), the security token that the DerivedKeyToken security token was derived from can be specified using a <Parent> element. Add a <Claims> child element to the <TokenType> element, and then add the <Parent> element under the <Claims> element. The details of the security token that the DerivedKeyToken security token was derived from are then specified in a child <SecurityToken> element of the <Parent> element.

Note

When a policy file contains a <Parent> element that refers to a SecurityContextToken security token, policy verification will accept SOAP messages that use a DerivedKeyToken security token in that context, as long as the DerivedKeyToken is derived from a SecurityContextToken that matches the specified SecurityContextToken requirements.

Example

The following code example is a policy file for a SOAP message sender that sends SOAP requests to a target Web service that issues SecurityContextToken security tokens. The policy requires that SOAP requests sent to the http://www.cohowinery.com/DerivedKeyTokenService.asmx endpoint are signed and encrypted using a DerivedKeyToken security token that is derived from a SecurityContextToken security token issued from the same endpoint.

Note

This code example is designed to demonstrate WSE features and is not intended for production use.

<?xml version="1.0" encoding="utf-8"?>
<policyDocument xmlns="https://schemas.microsoft.com/wse/2003/06/Policy">
  <mappings>
    <endpoint uri="http://www.cohowinery.com/DerivedKeyTokenService.asmx">
      <operation
        requestAction="https://www.contoso.com/StockQuoteRequest">
        <request policy="#Target-Service-Policy" />
        <response policy="" />
        <fault policy="" />
      </operation>
    </endpoint>
  </mappings>

  <policies 
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wse="https://schemas.microsoft.com/wse/2003/06/Policy">
    <wsp:Policy wsu:Id="Target-Service-Policy"
      xmlns:wsp="https://schemas.xmlsoap.org/ws/2002/12/policy"
      xmlns:wsa="https://schemas.xmlsoap.org/ws/2004/03/addressing">
      
      <!-- 
        Integrity is used to require the headers to be signed. 
        Note that only an authenticated derived key token is 
        required. Many Web services will also use the token 
        for authorization, such as by using the <wse:Role>
        claim.
      -->
      <wssp:Integrity wsp:Usage="wsp:Required"
        xmlns:wssp="https://schemas.xmlsoap.org/ws/2002/12/secext">
        <wssp:TokenInfo>
          <SecurityToken xmlns="https://schemas.xmlsoap.org/ws/2002/12/secext">
            <wssp:TokenType>https://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
            <Claims>
              <wse:Parent>
                <SecurityToken
                  xmlns="https://schemas.xmlsoap.org/ws/2002/12/secext">
                  <wssp:TokenType>https://schemas.xmlsoap.org/ws/2004/04/security/sc/sct</wssp:TokenType>
                  <wssp:Claims>
                    <wse:IssuerToken>
                      <wssp:SecurityToken>
                        <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
                        <wssp:Claims>
                          <wssp:SubjectName>CN=WSE2QuickStartServer</wssp:SubjectName>
                        </wssp:Claims>
                      </wssp:SecurityToken>
                    </wse:IssuerToken>
                    <wse:BaseToken>
                      <SecurityToken xmlns="https://schemas.xmlsoap.org/ws/2002/12/secext">
                        <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
                        <wssp:Claims>
                          <!-- By specifying the SubjectName claim here,
                               Policy can look for a certificate with
                               this subject name in the certificate
                               store indicated in the application's
                               configuration. The X.509 Certificate Tool
                               is useful for finding the correct values
                               for this field.
                          -->
                          <wssp:SubjectName>CN=WSE2QuickStartClient</wssp:SubjectName>
                        </wssp:Claims>
                      </SecurityToken>
                    </wse:BaseToken>
                  </wssp:Claims>
                </SecurityToken>
              </wse:Parent>
            </Claims>
          </SecurityToken>
        </wssp:TokenInfo>
        <wssp:MessageParts
          Dialect="https://schemas.xmlsoap.org/2002/12/wsse#part">
          wsp:Body() wse:Timestamp() wse:Addressing()
        </wssp:MessageParts>
      </wssp:Integrity>
      
      <!-- 
        The Confidentiality assertion is used to require that 
        the SOAP Body is encrypted.
      -->
      <wssp:Confidentiality wsp:Usage="wsp:Required"
        xmlns:wssp="https://schemas.xmlsoap.org/ws/2002/12/secext">
        <wssp:KeyInfo>
          <SecurityToken
            xmlns="https://schemas.xmlsoap.org/ws/2002/12/secext">
            <wssp:TokenType>https://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
            <Claims>
              <wse:Parent>
                <SecurityToken
                  xmlns="https://schemas.xmlsoap.org/ws/2002/12/secext">
                  <wssp:TokenType>https://schemas.xmlsoap.org/ws/2004/04/security/sc/sct</wssp:TokenType>
                  <wssp:Claims>
                    <wse:IssuerToken>
                      <wssp:SecurityToken>
                        <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
                        <wssp:Claims>
                          <wssp:SubjectName>CN=WSE2QuickStartServer</wssp:SubjectName>
                        </wssp:Claims>
                      </wssp:SecurityToken>
                    </wse:IssuerToken>
                    <wse:BaseToken>
                      <SecurityToken xmlns="https://schemas.xmlsoap.org/ws/2002/12/secext">
                        <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
                        <wssp:Claims>
                          <!-- By specifying the SubjectName claim here,
                               Policy can look for a certificate with
                               this subject name in the certificate
                               store indicated in the application's
                               configuration. The WSE X.509 Certificate
                               Tool is useful for finding the correct
                               values for this field.
                          -->
                          <wssp:SubjectName>CN=WSE2QuickStartClient</wssp:SubjectName>
                        </wssp:Claims>
                      </SecurityToken>
                    </wse:BaseToken>
                  </wssp:Claims>
                </SecurityToken>
              </wse:Parent>
            </Claims>
          </SecurityToken>
        </wssp:KeyInfo>
        <wssp:MessageParts
          Dialect="https://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts>
      </wssp:Confidentiality>
    </wsp:Policy>
  </policies>
</policyDocument>
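
The following script is an added example, not part of WSE or its documentation. It audits a policy file for DerivedKeyToken requirements and reports which ones constrain the parent token through a <Parent> element. The function names and the sample policy are constructed for illustration; the namespace and token type URIs are used as printed on this page.

```python
import xml.etree.ElementTree as ET

# URIs copied as they appear on this page.
SECEXT = "https://schemas.xmlsoap.org/ws/2002/12/secext"
WSE = "https://schemas.microsoft.com/wse/2003/06/Policy"
DK = "https://schemas.xmlsoap.org/ws/2004/04/security/sc/dk"
SCT = "https://schemas.xmlsoap.org/ws/2004/04/security/sc/sct"
NS = {"wssp": SECEXT, "wse": WSE}

def token_type(token):
    el = token.find("wssp:TokenType", NS)
    return (el.text or "").strip() if el is not None else None

def audit_derived_key_parents(policy_xml):
    """List each DerivedKeyToken requirement and the parent token it is tied to."""
    root = ET.fromstring(policy_xml)
    findings = []
    for assertion, holder in (("Integrity", "TokenInfo"), ("Confidentiality", "KeyInfo")):
        for token in root.iterfind(f".//wssp:{assertion}/wssp:{holder}/wssp:SecurityToken", NS):
            if token_type(token) != DK:
                continue
            parent = token.find("wssp:Claims/wse:Parent/wssp:SecurityToken", NS)
            # parent_type None: the policy states no requirement on the token
            # this derived key came from.
            subjects = [] if parent is None else [
                (s.text or "").strip() for s in parent.iterfind(".//wssp:SubjectName", NS)]
            findings.append({"assertion": assertion,
                             "parent_type": None if parent is None else token_type(parent),
                             "subjects": subjects})
    return findings

# Constructed sample: Integrity names a parent token, Confidentiality does not.
SAMPLE = f"""<policyDocument xmlns:wssp="{SECEXT}" xmlns:wse="{WSE}">
 <wssp:Integrity><wssp:TokenInfo><wssp:SecurityToken>
  <wssp:TokenType>{DK}</wssp:TokenType>
  <wssp:Claims><wse:Parent><wssp:SecurityToken>
   <wssp:TokenType>{SCT}</wssp:TokenType>
   <wssp:Claims><wse:BaseToken><wssp:SecurityToken>
    <wssp:Claims><wssp:SubjectName>CN=ExampleClient</wssp:SubjectName></wssp:Claims>
   </wssp:SecurityToken></wse:BaseToken></wssp:Claims>
  </wssp:SecurityToken></wse:Parent></wssp:Claims>
 </wssp:SecurityToken></wssp:TokenInfo></wssp:Integrity>
 <wssp:Confidentiality><wssp:KeyInfo><wssp:SecurityToken>
  <wssp:TokenType>{DK}</wssp:TokenType>
 </wssp:SecurityToken></wssp:KeyInfo></wssp:Confidentiality>
</policyDocument>"""

if __name__ == "__main__":
    for finding in audit_derived_key_parents(SAMPLE):
        print(finding)
```

A finding whose parent_type is None marks an assertion worth reviewing, because the policy file itself does not say which token the derived key must come from.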

See Also

Reference

<Claims> Element
<TokenType> Element
DerivedKeyToken
SecurityContextToken

Concepts

Policy File Schema

Other Resources

Configuring a Web Service's Policy
Issuing Security Tokens