Copyright © Cloud Software Group, Inc. All Rights Reserved

Security Policy Association

Shared Configuration

The Security Policy Association shared configuration resource associates a Security Policy with a particular Service operation or SOAP resource in your project. This allows you to specify security policies for inbound or outbound SOAP messages on a per-operation or per-activity basis.

When a security policy is attached to a resource that receives SOAP messages (for example, SOAP Event Source, or the reply message of a SOAP Request Reply activity), the associated security policy is used for the incoming message. For example, if authentication is specified in the security policy, then the identity of the sender of incoming messages is checked against a list of trusted identities.

When a security policy is attached to a resource that sends SOAP messages (for example, SOAP Request Reply, SOAP Send Fault, or SOAP Send Reply), the security the associated security policy is used for the outgoing message. For example, if encryption is specified in the security policy, the outgoing message is encrypted before it is sent.

Security Policy Association shared configuration resources are not referenced by resources in process definitions. Therefore, they are not automatically included in Enterprise Archive files. You must manually add Security Policy Association resources to the Shared Archive within an Enterprise Archive for the associations to work properly in a deployed project. See TIBCO ActiveMatrix BusinessWorks Administration for more information about adding resources to the Shared Archive.

To run a project with security policy associations successfully, ensure that all the policy associations in the project are valid. Any invalid associations must be removed from the project before running the project.

Configuration

The Configuration tab has the following fields.

Field	Global Var?	Description
Name	No	The name to appear as the label for the resource.
Description	No	Short description of the shared resource.
Apply Policy To	No	The SOAP resources or Service operations to which you want to apply a Security Policy. Use the Select button to choose the desired SOAP resources or Service operations. Only the appropriate policy fields are available based on the selected resource. For example, when you select a SOAP Event Source, only the Inbound Message Policy field is available.
Inbound Message Policy	No	A Security Policy resource that specifies the security characteristics you want to apply to inbound messages.
Outbound Message Policy	No	A Security Policy resource that specifies the security characteristics you want to apply to outbound messages.
Inbound Fault Message Policy	No	A Security Policy resource that specifies the security characteristics you want to apply to inbound fault messages.
Outbound Fault Message Policy	No	A Security Policy resource that specifies the security characteristics you want to apply to outbound fault messages.

Inbound

The Inbound tab has the following fields.

Field	Global Var?	Description
Message Elements for Signature	No	Specifies an XPath expression to select the elements within the SOAP message that are expected to have a signature. If the incoming message does not have a signature for the selected elements, an exception is thrown.
Message Elements for Encryption	No	Specifies an XPath expression to select the elements within the SOAP message that are expected to be encrypted. If the elements selected in the incoming message are not encrypted, an exception is thrown.
Prefix Namespace Pair	No	Specify the namespace associated to the prefix used. Note: Only for elements that are not part of the schema. The table consists of two columns: • Prefix- Specify the prefix used. • Namespace- Select the namespace to be associated with the specified prefix.

Outbound

The Outbound tab has the following fields.

Field	Global Var?	Description
Message Elements for Signature	No	Specifies an XPath expression to select the elements of outgoing messages for which you want to include a signature, if a signature is specified in the selected Security Policy resource.
Message parts for Encryption	No	Specifies an XPath expression to select the elements of outgoing message parts that you want to encrypt, if confidentiality is specified in the selected Security Policy resource.
Prefix Namespace Pair	No	Specify the namespace associated to the prefix used. Note: Only for elements that are not part of the schema. The table consists of two columns: • Prefix- Specify the prefix used. • Namespace- Select the namespace to be associated with the specified prefix.

Support for Unqualified Elements

To use unqualified elements, complete one of the following tasks:

•	Create a new Security Policy Association with the required fields.

•	Edit the existing Security Policy Association by:

−	Removing the unqualified element.

−	Modifying the inbound/outbound field.

−	Save the project.

−	Add the unqualified element again.

Copyright © Cloud Software Group, Inc. All Rights Reserved