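Cosminexus V9 Application Server Web Service Security Configuration Guide
This section describes the parts of the WS-SecurityPolicy 1.3 specification that the Web Service security functionality supports.
The following table shows which of the Protection Assertions in the WS-SecurityPolicy 1.3 specification the Web Service security functionality supports.
Table A-6 Support scope for Protection Assertions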
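Relevant section※ | Major category | Minor category | Assertion (XPath format) | Supported |
---|---|---|---|---|
4.1.1 | Integrity Assertions | SignedParts Assertion | /sp:SignedParts | Yes |
4.1.1 | Integrity Assertions | SignedParts Assertion | /sp:SignedParts/sp:Body | Yes |
4.1.1 | Integrity Assertions | SignedParts Assertion | /sp:SignedParts/sp:Header | No |
4.1.1 | Integrity Assertions | SignedParts Assertion | /sp:SignedParts/sp:Attachments | No |
4.1.2 | Integrity Assertions | SignedElements Assertion | /sp:SignedElements | No |
4.2.1 | Confidentiality Assertions | EncryptedParts Assertion | /sp:EncryptedParts | Yes |
4.2.1 | Confidentiality Assertions | EncryptedParts Assertion | /sp:EncryptedParts/sp:Body | Yes |
4.2.1 | Confidentiality Assertions | EncryptedParts Assertion | /sp:EncryptedParts/sp:Header | No |
4.2.1 | Confidentiality Assertions | EncryptedParts Assertion | /sp:EncryptedParts/sp:Attachments | No |
4.2.2 | Confidentiality Assertions | EncryptedElements Assertion | /sp:EncryptedElements | No |
4.2.3 | Confidentiality Assertions | ContentEncryptedElements Assertion | /sp:ContentEncryptedElements | No |
4.3.1 | Required Elements Assertion | RequiredElements Assertion | /sp:RequiredElements | No |
4.3.2 | Required Elements Assertion | RequiredParts Assertion | /sp:RequiredParts | No |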
The following table shows which of the Token Assertions in the WS-SecurityPolicy 1.3 specification the Web Service security functionality supports.
Table A-7 Support scope for Token Assertions
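Relevant section※1 | Major category | Minor category | Assertion (XPath format) | Supported |
---|---|---|---|---|
5.1 | Token Inclusion | − | @sp:IncludeToken | Yes |
5.2.1 | Token Issuer and Required Claims | Token Issuer | sp:Issuer | No |
5.2.2 | Token Issuer and Required Claims | Token Issuer Name | sp:IssuerName | No |
5.2.3 | Token Issuer and Required Claims | Required Claims | wst:Claims | No |
5.3.1 | Token Properties | [Derived Keys] Property | sp:RequireDerivedKeys | No |
5.3.2 | Token Properties | [Explicit Derived Keys] Property | sp:RequireExplicitDerivedKeys | No |
5.3.3 | Token Properties | [Implied Derived Keys] Property | sp:RequireImpliedDerivedKeys | No |
5.4.1 | Token Assertion Types | UsernameToken Assertion | /sp:UsernameToken | Yes |
5.4.1 | Token Assertion Types | UsernameToken Assertion | /sp:UsernameToken/@sp:IncludeToken | Yes※2 |
5.4.1 | Token Assertion Types | UsernameToken Assertion | /sp:UsernameToken/sp:Issuer | No |
5.4.1 | Token Assertion Types | UsernameToken Assertion | /sp:UsernameToken/sp:IssuerName | No |
5.4.1 | Token Assertion Types | UsernameToken Assertion | /sp:UsernameToken/wst:Claims | No |
5.4.1 | Token Assertion Types | UsernameToken Assertion | /sp:UsernameToken/wsp:Policy/sp:NoPassword | No |
5.4.1 | Token Assertion Types | UsernameToken Assertion | /sp:UsernameToken/wsp:Policy/sp:HashPassword | Yes |
5.4.1 | Token Assertion Types | UsernameToken Assertion | /sp13:UsernameToken/wsp:Policy/sp13:Created | No |
5.4.1 | Token Assertion Types | UsernameToken Assertion | /sp13:UsernameToken/wsp:Policy/sp13:Nonce | No |
5.4.1 | Token Assertion Types | UsernameToken Assertion | /sp:UsernameToken/wsp:Policy/sp:RequireDerivedKeys | No |
5.4.1 | Token Assertion Types | UsernameToken Assertion | /sp:UsernameToken/wsp:Policy/sp:RequireExplicitDerivedKeys | No |
5.4.1 | Token Assertion Types | UsernameToken Assertion | /sp:UsernameToken/wsp:Policy/sp:RequireImpliedDerivedKeys | No |
5.4.1 | Token Assertion Types | UsernameToken Assertion | /sp:UsernameToken/wsp:Policy/sp:WssUsernameToken10 | Yes |
5.4.1 | Token Assertion Types | UsernameToken Assertion | /sp:UsernameToken/wsp:Policy/sp:WssUsernameToken11 | No |
5.4.2 | Token Assertion Types | IssuedToken Assertion | /sp:IssuedToken | No |
5.4.3 | Token Assertion Types | X509Token Assertion | /sp:X509Token | Yes |
5.4.3 | Token Assertion Types | X509Token Assertion | /sp:X509Token/@sp:IncludeToken | Yes※3 |
5.4.3 | Token Assertion Types | X509Token Assertion | /sp:X509Token/sp:Issuer | No |
5.4.3 | Token Assertion Types | X509Token Assertion | /sp:X509Token/sp:IssuerName | No |
5.4.3 | Token Assertion Types | X509Token Assertion | /sp:X509Token/wst:Claims | No |
5.4.3 | Token Assertion Types | X509Token Assertion | /sp:X509Token/wsp:Policy/sp:RequireDerivedKeys | No |
5.4.3 | Token Assertion Types | X509Token Assertion | /sp:X509Token/wsp:Policy/sp:RequireExplicitDerivedKeys | No |
5.4.3 | Token Assertion Types | X509Token Assertion | /sp:X509Token/wsp:Policy/sp:RequireImpliedDerivedKeys | No |
5.4.3 | Token Assertion Types | X509Token Assertion | /sp:X509Token/wsp:Policy/sp:RequireKeyIdentifierReference | No |
5.4.3 | Token Assertion Types | X509Token Assertion | /sp:X509Token/wsp:Policy/sp:RequireIssuerSerialReference | No |
5.4.3 | Token Assertion Types | X509Token Assertion | /sp:X509Token/wsp:Policy/sp:RequireEmbeddedTokenReference | No |
5.4.3 | Token Assertion Types | X509Token Assertion | /sp:X509Token/wsp:Policy/sp:RequireThumbprintReference | No |
5.4.3 | Token Assertion Types | X509Token Assertion | /sp:X509Token/wsp:Policy/sp:WssX509V3Token10 | Yes |
5.4.3 | Token Assertion Types | X509Token Assertion | /sp:X509Token/wsp:Policy/sp:WssX509Pkcs7Token10 | No |
5.4.3 | Token Assertion Types | X509Token Assertion | /sp:X509Token/wsp:Policy/sp:WssX509PkiPathV1Token10 | No |
5.4.3 | Token Assertion Types | X509Token Assertion | /sp:X509Token/wsp:Policy/sp:WssX509V1Token11 | No |
5.4.3 | Token Assertion Types | X509Token Assertion | /sp:X509Token/wsp:Policy/sp:WssX509V3Token11 | No |
5.4.3 | Token Assertion Types | X509Token Assertion | /sp:X509Token/wsp:Policy/sp:WssX509Pkcs7Token11 | No |
5.4.3 | Token Assertion Types | X509Token Assertion | /sp:X509Token/wsp:Policy/sp:WssX509PkiPathV1Token11 | No |
5.4.4 | Token Assertion Types | KerberosToken Assertion | /sp:KerberosToken | No |
5.4.5 | Token Assertion Types | SpnegoContextToken Assertion | /sp:SpnegoContextToken | No |
5.4.6 | Token Assertion Types | SecurityContextToken Assertion | /sp:SecurityContextToken | Yes |
5.4.6 | Token Assertion Types | SecurityContextToken Assertion | /sp:SecurityContextToken/@sp:IncludeToken | Yes※4 |
5.4.6 | Token Assertion Types | SecurityContextToken Assertion | /sp:SecurityContextToken/sp:Issuer | No |
5.4.6 | Token Assertion Types | SecurityContextToken Assertion | /sp:SecurityContextToken/sp:IssuerName | Yes |
5.4.6 | Token Assertion Types | SecurityContextToken Assertion | /sp:SecurityContextToken/wst:Claims | No |
5.4.6 | Token Assertion Types | SecurityContextToken Assertion | /sp:SecurityContextToken/wsp:Policy/sp:RequireDerivedKeys | No |
5.4.6 | Token Assertion Types | SecurityContextToken Assertion | /sp:SecurityContextToken/wsp:Policy/sp:RequireExplicitDerivedKeys | No |
5.4.6 | Token Assertion Types | SecurityContextToken Assertion | /sp:SecurityContextToken/wsp:Policy/sp:RequireImpliedDerivedKeys | No |
5.4.6 | Token Assertion Types | SecurityContextToken Assertion | /sp:SecurityContextToken/wsp:Policy/sp:RequireExternalUriReference | No |
5.4.6 | Token Assertion Types | SecurityContextToken Assertion | /sp:SecurityContextToken/wsp:Policy/sp:SC13SecurityContextToken | No |
5.4.7 | Token Assertion Types | SecureConversationToken Assertion | /sp:SecureConversationToken | No |
5.4.8 | Token Assertion Types | SamlToken Assertion | /sp:SamlToken | No |
5.4.9 | Token Assertion Types | RelToken Assertion | /sp:RelToken | No |
5.4.10 | Token Assertion Types | HttpsToken Assertion | /sp:HttpsToken | No |
5.4.11 | Token Assertion Types | KeyValueToken Assertion | /sp:KeyValueToken | No |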
The following table shows which of the Security Binding Assertions in the WS-SecurityPolicy 1.3 specification the Web Service security functionality supports.
Table A-8 Support scope for Security Binding Assertions
Relevant section※ | Category | Assertion (XPath format) | Supported |
---|---|---|---|
7.1 | AlgorithmSuite Assertion | /sp:AlgorithmSuite | Yes |
7.1 | AlgorithmSuite Assertion | /sp:AlgorithmSuite/wsp:Policy/sp:Basic128 | Yes |
7.1 | AlgorithmSuite Assertion | /sp:AlgorithmSuite/wsp:Policy/(other than sp:Basic128) | No |
7.2 | Layout Assertion | /sp:Layout | Yes |
7.2 | Layout Assertion | /sp:Layout/wsp:Policy/sp:Strict | No |
7.2 | Layout Assertion | /sp:Layout/wsp:Policy/sp:Lax | Yes |
7.2 | Layout Assertion | /sp:Layout/wsp:Policy/sp:LaxTsFirst | No |
7.2 | Layout Assertion | /sp:Layout/wsp:Policy/sp:LaxTsLast | No |
7.3 | TransportBinding Assertion | /sp:TransportBinding | No |
7.4 | SymmetricBinding Assertion | /sp:SymmetricBinding | Yes |
7.4 | SymmetricBinding Assertion | /sp:SymmetricBinding/wsp:Policy/sp:EncryptionToken | No |
7.4 | SymmetricBinding Assertion | /sp:SymmetricBinding/wsp:Policy/sp:SignatureToken | No |
7.4 | SymmetricBinding Assertion | /sp:SymmetricBinding/wsp:Policy/sp:ProtectionToken | Yes |
7.4 | SymmetricBinding Assertion | /sp:SymmetricBinding/wsp:Policy/sp:AlgorithmSuite | Yes |
7.4 | SymmetricBinding Assertion | /sp:SymmetricBinding/wsp:Policy/sp:Layout | Yes |
7.4 | SymmetricBinding Assertion | /sp:SymmetricBinding/wsp:Policy/sp:IncludeTimestamp | No |
7.4 | SymmetricBinding Assertion | /sp:SymmetricBinding/wsp:Policy/sp:EncryptBeforeSigning | No |
7.4 | SymmetricBinding Assertion | /sp:SymmetricBinding/wsp:Policy/sp:EncryptSignature | No |
7.4 | SymmetricBinding Assertion | /sp:SymmetricBinding/wsp:Policy/sp:ProtectTokens | No |
7.4 | SymmetricBinding Assertion | /sp:SymmetricBinding/wsp:Policy/sp:OnlySignEntireHeadersAndBody | No |
7.5 | AsymmetricBinding Assertion | /sp:AsymmetricBinding | Yes |
7.5 | AsymmetricBinding Assertion | /sp:AsymmetricBinding/wsp:Policy/sp:InitiatorToken | Yes |
7.5 | AsymmetricBinding Assertion | /sp:AsymmetricBinding/wsp:Policy/sp:InitiatorSignatureToken | No |
7.5 | AsymmetricBinding Assertion | /sp:AsymmetricBinding/wsp:Policy/sp:InitiatorEncryptionToken | No |
7.5 | AsymmetricBinding Assertion | /sp:AsymmetricBinding/wsp:Policy/sp:RecipientToken | Yes |
7.5 | AsymmetricBinding Assertion | /sp:AsymmetricBinding/wsp:Policy/sp:RecipientSignatureToken | No |
7.5 | AsymmetricBinding Assertion | /sp:AsymmetricBinding/wsp:Policy/sp:RecipientEncryptionToken | No |
7.5 | AsymmetricBinding Assertion | /sp:AsymmetricBinding/wsp:Policy/sp:AlgorithmSuite | Yes |
7.5 | AsymmetricBinding Assertion | /sp:AsymmetricBinding/wsp:Policy/sp:Layout | Yes |
7.5 | AsymmetricBinding Assertion | /sp:AsymmetricBinding/wsp:Policy/sp:IncludeTimestamp | No |
7.5 | AsymmetricBinding Assertion | /sp:AsymmetricBinding/wsp:Policy/sp:EncryptBeforeSigning | No |
7.5 | AsymmetricBinding Assertion | /sp:AsymmetricBinding/wsp:Policy/sp:EncryptSignature | No |
7.5 | AsymmetricBinding Assertion | /sp:AsymmetricBinding/wsp:Policy/sp:ProtectTokens | No |
7.5 | AsymmetricBinding Assertion | /sp:AsymmetricBinding/wsp:Policy/sp:OnlySignEntireHeadersAndBody | Yes |
The following table shows which of the Supporting Tokens in the WS-SecurityPolicy 1.3 specification the Web Service security functionality supports.
Table A-9 Support scope for Supporting Tokens
Relevant section※ | Category | Assertion (XPath format) | Supported |
---|---|---|---|
8.1 | SupportingTokens Assertion | /sp:SupportingTokens | Yes |
8.1 | SupportingTokens Assertion | /sp:SupportingTokens/wsp:Policy/sp:AlgorithmSuite | No |
8.1 | SupportingTokens Assertion | /sp:SupportingTokens/wsp:Policy/sp:SignedParts | No |
8.1 | SupportingTokens Assertion | /sp:SupportingTokens/wsp:Policy/sp:SignedElements | No |
8.1 | SupportingTokens Assertion | /sp:SupportingTokens/wsp:Policy/sp:EncryptedParts | No |
8.1 | SupportingTokens Assertion | /sp:SupportingTokens/wsp:Policy/sp:EncryptedElements | No |
8.2 | SignedSupportingTokens Assertion | /sp:SignedSupportingTokens | No |
8.3 | EndorsingSupportingTokens Assertion | /sp:EndorsingSupportingTokens | No |
8.4 | SignedEndorsingSupportingTokens Assertion | /sp:SignedEndorsingSupportingTokens | No |
8.5 | SignedEncryptedSupportingTokens Assertion | sp:SignedEncryptedSupportingTokens | No |
8.6 | EncryptedSupportingTokens Assertion | sp:EncryptedSupportingTokens | No |
8.7 | EndorsingEncryptedSupportingTokens Assertion | sp:EndorsingEncryptedSupportingTokens | No |
8.8 | SignedEndorsingEncryptedSupportingTokens Assertion | sp:SignedEndorsingEncryptedSupportingTokens | No |
The Web Service security functionality does not support the WSS: SOAP Message Security Options in the WS-SecurityPolicy 1.3 specification.
Table A-10 Support scope for WSS: SOAP Message Security Options
Relevant section※ | Category | Assertion (XPath format) | Supported |
---|---|---|---|
9.1 | Wss10 Assertion | /sp:Wss10 | No |
9.1 | Wss10 Assertion | /sp:Wss10/wsp:Policy/sp:MustSupportRefKeyIdentifier | No |
9.1 | Wss10 Assertion | /sp:Wss10/wsp:Policy/sp:MustSupportRefIssuerSerial | No |
9.1 | Wss10 Assertion | /sp:Wss10/wsp:Policy/sp:MustSupportRefExternalURI | No |
9.1 | Wss10 Assertion | /sp:Wss10/wsp:Policy/sp:MustSupportRefEmbeddedToken | No |
9.2 | Wss11 Assertion | /sp:Wss11 | No |
9.2 | Wss11 Assertion | /sp:Wss11/wsp:Policy/sp:MustSupportRefKeyIdentifier | No |
9.2 | Wss11 Assertion | /sp:Wss11/wsp:Policy/sp:MustSupportRefIssuerSerial | No |
9.2 | Wss11 Assertion | /sp:Wss11/wsp:Policy/sp:MustSupportRefExternalURI | No |
9.2 | Wss11 Assertion | /sp:Wss11/wsp:Policy/sp:MustSupportRefEmbeddedToken | No |
9.2 | Wss11 Assertion | /sp:Wss11/wsp:Policy/sp:MustSupportRefThumbprint | No |
9.2 | Wss11 Assertion | /sp:Wss11/wsp:Policy/sp:MustSupportRefEncryptedKey | No |
9.2 | Wss11 Assertion | /sp:Wss11/wsp:Policy/sp:RequireSignatureConfirmation | No |
The Web Service security functionality does not support the WS-Trust Options in the WS-SecurityPolicy 1.3 specification.
Table A-11 Support scope for WS-Trust Options
Relevant section※ | Category | Assertion (XPath format) | Supported |
---|---|---|---|
10.1 | Trust13 Assertion | /sp:Trust13 | No |
All Rights Reserved. Copyright (C) 2012, 2015, Hitachi, Ltd.