Encrypt.xml Wssc-dk.xml

Configuring Message-Level Security 2-117

      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      xmlns:wls="http://www.bea.com/wls90/security/policy/wsee#part"
      >
      <wssp:Integrity>
        <wssp:SignatureAlgorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <wssp:CanonicalizationAlgorithm URI="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <wssp:Target>
          <wssp:DigestAlgorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <wssp:MessageParts Dialect="http://www.bea.com/wls90/security/policy/wsee#part">
            wls:SystemHeaders()
          </wssp:MessageParts>
        </wssp:Target>
        <wssp:Target>
          <wssp:DigestAlgorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <wssp:MessageParts Dialect="http://www.bea.com/wls90/security/policy/wsee#part">
            wls:SecurityHeader(wsu:Timestamp)
          </wssp:MessageParts>
        </wssp:Target>
        <wssp:Target>
          <wssp:DigestAlgorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">
            wsp:Body()
          </wssp:MessageParts>
        </wssp:Target>
      </wssp:Integrity>
      <wssp:MessageAge/>
    </wsp:Policy>

2.25.4 Encrypt.xml

The WebLogic Server Encrypt.xml file specifies that the entire body of the SOAP message be encrypted. By default, the encryption token is not included in the SOAP message.

Example 2–35 Encrypt.xml

    <?xml version="1.0"?>
    <wsp:Policy
      xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
      xmlns:wssp="http://www.bea.com/wls90/security/policy"
      >
      <wssp:Confidentiality>
        <wssp:KeyWrappingAlgorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
        <wssp:Target>
          <wssp:EncryptionAlgorithm URI="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
          <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">
            wsp:Body()
          </wssp:MessageParts>
        </wssp:Target>
        <wssp:KeyInfo/>
      </wssp:Confidentiality>
    </wsp:Policy>

2-118 Securing WebLogic Web Services for Oracle WebLogic Server

2.25.5 Wssc-dk.xml

Specifies that the client and Web service share a security context, as described by the WS-SecureConversation specification, and that a derived key token is used. This ensures the highest form of security.

This policy file provides the following configuration:

■ A derived key token is used to sign all system SOAP headers, the timestamp security SOAP header, and the SOAP body.
■ A derived key token is used to encrypt the body of the SOAP message. This token is different from the one used for signing.
■ Each SOAP message uses its own pair of derived keys.
■ For both digital signatures and encryption, the key length is 16 as opposed to the default 32.
■ The lifetime of the security context is 12 hours.

If you need to change the default security context and derived key behavior, you will have to create a custom security policy file, described in later sections.

Note: If you specify this predefined security policy file, you should not also specify any other predefined security policy file.

Example 2–36 Wssc-dk.xml

    <?xml version="1.0"?>
    <wsp:Policy
      xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
      xmlns:wssp="http://www.bea.com/wls90/security/policy"
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      xmlns:wls="http://www.bea.com/wls90/security/policy/wsee#part"
      >
      <wssp:Integrity SupportTrust10="true">
        <wssp:SignatureAlgorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
        <wssp:CanonicalizationAlgorithm URI="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <wssp:Target>
          <wssp:DigestAlgorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <wssp:MessageParts Dialect="http://www.bea.com/wls90/security/policy/wsee#part">
            wls:SystemHeaders()
          </wssp:MessageParts>
        </wssp:Target>
        <wssp:Target>
          <wssp:DigestAlgorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <wssp:MessageParts Dialect="http://www.bea.com/wls90/security/policy/wsee#part">
            wls:SecurityHeader(wsu:Timestamp)
          </wssp:MessageParts>
        </wssp:Target>
        <wssp:Target>
          <wssp:DigestAlgorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">
            wsp:Body()
          </wssp:MessageParts>
        </wssp:Target>
        <wssp:SupportedTokens>
          <wssp:SecurityToken IncludeInMessage="true"
            TokenType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk"
            DerivedFromTokenType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct">
            <wssp:Claims>
              <wssp:Label>WS-SecureConversationWS-SecureConversation</wssp:Label>
              <wssp:Length>16</wssp:Length>
            </wssp:Claims>
          </wssp:SecurityToken>
        </wssp:SupportedTokens>
      </wssp:Integrity>
      <wssp:Confidentiality SupportTrust10="true">
        <wssp:Target>
          <wssp:EncryptionAlgorithm URI="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
          <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">
            wsp:Body()</wssp:MessageParts>
        </wssp:Target>
        <wssp:KeyInfo>
          <wssp:SecurityToken IncludeInMessage="true"
            TokenType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk"
            DerivedFromTokenType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct">
            <wssp:Claims>
              <wssp:Label>WS-SecureConversationWS-SecureConversation</wssp:Label>
              <wssp:Length>16</wssp:Length>
            </wssp:Claims>
          </wssp:SecurityToken>
        </wssp:KeyInfo>
      </wssp:Confidentiality>
      <wssp:MessageAge/>
    </wsp:Policy>
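When a custom policy file is derived from Wssc-dk.xml, the derived key length in the Claims has to stay in step with the encryption algorithm. The following added example (not part of the Oracle documentation) lists what a policy signs and encrypts and flags a length mismatch. The names summarize and key_length_mismatches are hypothetical helpers, and the Length value is assumed to be in bytes.

```python
import xml.etree.ElementTree as ET

WSSP = "{http://www.bea.com/wls90/security/policy}"
# Key size in bytes per xmlenc cipher; wssp:Length is assumed to be bytes as well.
KEY_BYTES = {"aes128-cbc": 16, "aes192-cbc": 24, "aes256-cbc": 32, "tripledes-cbc": 24}

# Constructed sample: Wssc-dk.xml trimmed to the body signature and body encryption.
POLICY = """<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wssp="http://www.bea.com/wls90/security/policy">
 <wssp:Integrity SupportTrust10="true">
  <wssp:SignatureAlgorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
  <wssp:Target>
   <wssp:DigestAlgorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"/>
   <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts>
  </wssp:Target>
  <wssp:SupportedTokens><wssp:SecurityToken TokenType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk">
   <wssp:Claims><wssp:Length>16</wssp:Length></wssp:Claims>
  </wssp:SecurityToken></wssp:SupportedTokens>
 </wssp:Integrity>
 <wssp:Confidentiality SupportTrust10="true">
  <wssp:Target>
   <wssp:EncryptionAlgorithm URI="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
   <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts>
  </wssp:Target>
  <wssp:KeyInfo><wssp:SecurityToken TokenType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk">
   <wssp:Claims><wssp:Length>16</wssp:Length></wssp:Claims>
  </wssp:SecurityToken></wssp:KeyInfo>
 </wssp:Confidentiality>
</wsp:Policy>"""

def summarize(policy_xml):
    """Per assertion: message parts covered, algorithms named, derived key lengths."""
    out = {}
    for assertion in ET.fromstring(policy_xml):
        uris = [e.get("URI") for e in assertion.iter() if e.get("URI")]
        out[assertion.tag.replace(WSSP, "")] = {
            "parts": [p.text.strip() for p in assertion.iter(WSSP + "MessageParts")],
            # Keep the URI fragment (e.g. "aes128-cbc"); fall back to the whole URI.
            "algorithms": sorted({u.rsplit("#", 1)[-1] or u for u in uris}),
            "dk_lengths": [int(n.text) for n in assertion.iter(WSSP + "Length")],
        }
    return out

def key_length_mismatches(policy_xml):
    """(cipher, needed_bytes, derived_key_bytes) wherever the derived key is the wrong size."""
    conf = summarize(policy_xml).get("Confidentiality", {})
    return [(alg, KEY_BYTES[alg], n) for alg in conf.get("algorithms", [])
            if alg in KEY_BYTES for n in conf.get("dk_lengths", []) if n != KEY_BYTES[alg]]
```

Run key_length_mismatches over a custom policy file's text before deploying it; an empty list means the encryption key length and cipher agree.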

2.25.6 Wssc-sct.xml