Types of Security Shared Resources

The table Types of Security Shared Resources lists the types of shared resources used by different policies. To create a policy, you must use the appropriate shared resource property file. See Policy And Shared Resource Property File.

For example, to create an authentication policy that authenticates a username against an LDAP server, you must register the LDAP shared resource property file.

Types of Security Shared Resources

| Type | Description |
|---|---|
| LDAP | The LDAP authentication shared resource provides the ability to authenticate a username and password against an LDAP server. |
| Trust Identity | The Trust Identity Provider (TIP) is used for retrieving certificates required for performing trust operations from a credential store. For example, use the TIP for signature verification or encryption, and for SSL client authentication. |
| Subject Identity | The Subject Identity Provider (SIP) is used for retrieving and using private credentials obtained from a credential store. For example, use the SIP for signing or decryption. |
| WSS | The WS security authentication provider is used as a combination of LDAP, Trust Identity Provider (TIP), and Subject Identity Provider (SIP). |

Note:
  • The WSS shared resource is a combination of the LDAP authentication, Trust Identity, and Subject Identity Providers. Depending on how the shared resource is used, WSS can be configured to include one or more of these shared resource types.
  • The Trust Identity Provider (TIP) and Subject Identity Provider (SIP) depend on the Keystore Credential Provider (KCP), so a TIP or SIP always includes an associated KCP.