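Appendix A.5 Scope of support for the WS-SecurityPolicy 1.3 specification
This section describes the range of the WS-SecurityPolicy 1.3 specification that the Web Services Security functionality supports.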
(1) Support range for Protection Assertions
The following table shows which of the Protection Assertions in the WS-SecurityPolicy 1.3 specification the Web Services Security functionality supports.

| Relevant section※ | Major category | Minor category | Assertion (XPath format) | Supported |
|---|---|---|---|---|
| 4.1.1 | | | /sp:SignedParts | Yes |
| | | | /sp:SignedParts/sp:Body | Yes |
| | | | /sp:SignedParts/sp:Header | No |
| | | | /sp:SignedParts/sp:Attachments | No |
| 4.1.2 | | | /sp:SignedElements | No |
| 4.2.1 | | | /sp:EncryptedParts | Yes |
| | | | /sp:EncryptedParts/sp:Body | Yes |
| | | | /sp:EncryptedParts/sp:Header | No |
| | | | /sp:EncryptedParts/sp:Attachments | No |
| 4.2.2 | | | /sp:EncryptedElements | No |
| 4.2.3 | | | /sp:ContentEncryptedElements | No |
| 4.3.1 | | | /sp:RequiredElements | No |
| 4.3.2 | | | /sp:RequiredParts | No |

(2) Support range for Token Assertions
The following table shows which of the Token Assertions in the WS-SecurityPolicy 1.3 specification the Web Services Security functionality supports.

| Relevant section※1 | Major category | Minor category | Assertion (XPath format) | Supported |
|---|---|---|---|---|
| 5.1 | Token Inclusion | − | @sp:IncludeToken | Yes |
| 5.2.1 | Token Issuer and Required Claims | Token Issuer | sp:Issuer | No |
| 5.2.2 | | Token Issuer Name | sp:IssuerName | No |
| 5.2.3 | | Required Claims | wst:Claims | No |
| 5.3.1 | Token Properties | [Derived Keys] Property | sp:RequireDerivedKeys | No |
| 5.3.2 | | [Explicit Derived Keys] Property | sp:RequireExplicitDerivedKeys | No |
| 5.3.3 | | [Implied Derived Keys] Property | sp:RequireImpliedDerivedKeys | No |
| 5.4.1 | Token Assertion Types | UsernameToken Assertion | /sp:UsernameToken | Yes |
| | | | /sp:UsernameToken/@sp:IncludeToken | Yes※2 |
| | | | /sp:UsernameToken/sp:Issuer | No |
| | | | /sp:UsernameToken/sp:IssuerName | No |
| | | | /sp:UsernameToken/wst:Claims | No |
| | | | /sp:UsernameToken/wsp:Policy/sp:NoPassword | No |
| | | | /sp:UsernameToken/wsp:Policy/sp:HashPassword | Yes |
| | | | /sp13:UsernameToken/wsp:Policy/sp13:Created | No |
| | | | /sp13:UsernameToken/wsp:Policy/sp13:Nonce | No |
| | | | /sp:UsernameToken/wsp:Policy/sp:RequireDerivedKeys | No |
| | | | /sp:UsernameToken/wsp:Policy/sp:RequireExplicitDerivedKeys | No |
| | | | /sp:UsernameToken/wsp:Policy/sp:RequireImpliedDerivedKeys | No |
| | | | /sp:UsernameToken/wsp:Policy/sp:WssUsernameToken10 | Yes |
| | | | /sp:UsernameToken/wsp:Policy/sp:WssUsernameToken11 | No |
| 5.4.2 | Token Assertion Types | IssuedToken Assertion | /sp:IssuedToken | No |
| 5.4.3 | Token Assertion Types | X509Token Assertion | /sp:X509Token | Yes |
| | | | /sp:X509Token/@sp:IncludeToken | Yes※3 |
| | | | /sp:X509Token/sp:Issuer | No |
| | | | /sp:X509Token/sp:IssuerName | No |
| | | | /sp:X509Token/wst:Claims | No |
| | | | /sp:X509Token/wsp:Policy/sp:RequireDerivedKeys | No |
| | | | /sp:X509Token/wsp:Policy/sp:RequireExplicitDerivedKeys | No |
| | | | /sp:X509Token/wsp:Policy/sp:RequireImpliedDerivedKeys | No |
| | | | /sp:X509Token/wsp:Policy/sp:RequireKeyIdentifierReference | No |
| | | | /sp:X509Token/wsp:Policy/sp:RequireIssuerSerialReference | No |
| | | | /sp:X509Token/wsp:Policy/sp:RequireEmbeddedTokenReference | No |
| | | | /sp:X509Token/wsp:Policy/sp:RequireThumbprintReference | No |
| | | | /sp:X509Token/wsp:Policy/sp:WssX509V3Token10 | Yes |
| | | | /sp:X509Token/wsp:Policy/sp:WssX509Pkcs7Token10 | No |
| | | | /sp:X509Token/wsp:Policy/sp:WssX509PkiPathV1Token10 | No |
| | | | /sp:X509Token/wsp:Policy/sp:WssX509V1Token11 | No |
| | | | /sp:X509Token/wsp:Policy/sp:WssX509V3Token11 | No |
| | | | /sp:X509Token/wsp:Policy/sp:WssX509Pkcs7Token11 | No |
| | | | /sp:X509Token/wsp:Policy/sp:WssX509PkiPathV1Token11 | No |
| 5.4.4 | Token Assertion Types | KerberosToken Assertion | /sp:KerberosToken | No |
| 5.4.5 | Token Assertion Types | SpnegoContextToken Assertion | /sp:SpnegoContextToken | No |
| 5.4.6 | Token Assertion Types | SecurityContextToken Assertion | /sp:SecurityContextToken | Yes |
| | | | /sp:SecurityContextToken/@sp:IncludeToken | Yes※4 |
| | | | /sp:SecurityContextToken/sp:Issuer | No |
| | | | /sp:SecurityContextToken/sp:IssuerName | Yes |
| | | | /sp:SecurityContextToken/wst:Claims | No |
| | | | /sp:SecurityContextToken/wsp:Policy/sp:RequireDerivedKeys | No |
| | | | /sp:SecurityContextToken/wsp:Policy/sp:RequireExplicitDerivedKeys | No |
| | | | /sp:SecurityContextToken/wsp:Policy/sp:RequireImpliedDerivedKeys | No |
| | | | /sp:SecurityContextToken/wsp:Policy/sp:RequireExternalUriReference | No |
| | | | /sp:SecurityContextToken/wsp:Policy/sp:SC13SecurityContextToken | No |
| 5.4.7 | Token Assertion Types | SecureConversationToken Assertion | /sp:SecureConversationToken | No |
| 5.4.8 | Token Assertion Types | SamlToken Assertion | /sp:SamlToken | No |
| 5.4.9 | Token Assertion Types | RelToken Assertion | /sp:RelToken | No |
| 5.4.10 | Token Assertion Types | HttpsToken Assertion | /sp:HttpsToken | No |
| 5.4.11 | Token Assertion Types | KeyValueToken Assertion | /sp:KeyValueToken | No |

(3) Support range for Security Binding Assertions
The following table shows which of the Security Binding Assertions in the WS-SecurityPolicy 1.3 specification the Web Services Security functionality supports.

| Relevant section※ | Category | Assertion (XPath format) | Supported |
|---|---|---|---|
| 7.1 | AlgorithmSuite Assertion | /sp:AlgorithmSuite | Yes |
| | | /sp:AlgorithmSuite/wsp:Policy/sp:Basic128 | Yes |
| | | /sp:AlgorithmSuite/wsp:Policy/(anything other than sp:Basic128) | No |
| 7.2 | Layout Assertion | /sp:Layout | Yes |
| | | /sp:Layout/wsp:Policy/sp:Strict | No |
| | | /sp:Layout/wsp:Policy/sp:Lax | Yes |
| | | /sp:Layout/wsp:Policy/sp:LaxTsFirst | No |
| | | /sp:Layout/wsp:Policy/sp:LaxTsLast | No |
| 7.3 | TransportBinding Assertion | /sp:TransportBinding | No |
| 7.4 | SymmetricBinding Assertion | /sp:SymmetricBinding | Yes |
| | | /sp:SymmetricBinding/wsp:Policy/sp:EncryptionToken | No |
| | | /sp:SymmetricBinding/wsp:Policy/sp:SignatureToken | No |
| | | /sp:SymmetricBinding/wsp:Policy/sp:ProtectionToken | Yes |
| | | /sp:SymmetricBinding/wsp:Policy/sp:AlgorithmSuite | Yes |
| | | /sp:SymmetricBinding/wsp:Policy/sp:Layout | Yes |
| | | /sp:SymmetricBinding/wsp:Policy/sp:IncludeTimestamp | No |
| | | /sp:SymmetricBinding/wsp:Policy/sp:EncryptBeforeSigning | No |
| | | /sp:SymmetricBinding/wsp:Policy/sp:EncryptSignature | No |
| | | /sp:SymmetricBinding/wsp:Policy/sp:ProtectTokens | No |
| | | /sp:SymmetricBinding/wsp:Policy/sp:OnlySignEntireHeadersAndBody | No |
| 7.5 | AsymmetricBinding Assertion | /sp:AsymmetricBinding | Yes |
| | | /sp:AsymmetricBinding/wsp:Policy/sp:InitiatorToken | Yes |
| | | /sp:AsymmetricBinding/wsp:Policy/sp:InitiatorSignatureToken | No |
| | | /sp:AsymmetricBinding/wsp:Policy/sp:InitiatorEncryptionToken | No |
| | | /sp:AsymmetricBinding/wsp:Policy/sp:RecipientToken | Yes |
| | | /sp:AsymmetricBinding/wsp:Policy/sp:RecipientSignatureToken | No |
| | | /sp:AsymmetricBinding/wsp:Policy/sp:RecipientEncryptionToken | No |
| | | /sp:AsymmetricBinding/wsp:Policy/sp:AlgorithmSuite | Yes |
| | | /sp:AsymmetricBinding/wsp:Policy/sp:Layout | Yes |
| | | /sp:AsymmetricBinding/wsp:Policy/sp:IncludeTimestamp | No |
| | | /sp:AsymmetricBinding/wsp:Policy/sp:EncryptBeforeSigning | No |
| | | /sp:AsymmetricBinding/wsp:Policy/sp:EncryptSignature | No |
| | | /sp:AsymmetricBinding/wsp:Policy/sp:ProtectTokens | No |
| | | /sp:AsymmetricBinding/wsp:Policy/sp:OnlySignEntireHeadersAndBody | Yes |

(4) Support range for Supporting Tokens
The following table shows which of the Supporting Tokens in the WS-SecurityPolicy 1.3 specification the Web Services Security functionality supports.

| Relevant section※ | Category | Assertion (XPath format) | Supported |
|---|---|---|---|
| 8.1 | SupportingTokens Assertion | /sp:SupportingTokens | Yes |
| | | /sp:SupportingTokens/wsp:Policy/sp:AlgorithmSuite | No |
| | | /sp:SupportingTokens/wsp:Policy/sp:SignedParts | No |
| | | /sp:SupportingTokens/wsp:Policy/sp:SignedElements | No |
| | | /sp:SupportingTokens/wsp:Policy/sp:EncryptedParts | No |
| | | /sp:SupportingTokens/wsp:Policy/sp:EncryptedElements | No |
| 8.2 | SignedSupportingTokens Assertion | /sp:SignedSupportingTokens | No |
| 8.3 | EndorsingSupportingTokens Assertion | /sp:EndorsingSupportingTokens | No |
| 8.4 | SignedEndorsingSupportingTokens Assertion | /sp:SignedEndorsingSupportingTokens | No |
| 8.5 | SignedEncryptedSupportingTokens Assertion | sp:SignedEncryptedSupportingTokens | No |
| 8.6 | EncryptedSupportingTokens Assertion | sp:EncryptedSupportingTokens | No |
| 8.7 | EndorsingEncryptedSupportingTokens Assertion | sp:EndorsingEncryptedSupportingTokens | No |
| 8.8 | SignedEndorsingEncryptedSupportingTokens Assertion | sp:SignedEndorsingEncryptedSupportingTokens | No |

(5) Support range for WSS:SOAP Message Security Options
The Web Services Security functionality does not support the WSS:SOAP Message Security Options in the WS-SecurityPolicy 1.3 specification.

| Relevant section※ | Category | Assertion (XPath format) | Supported |
|---|---|---|---|
| 9.1 | Wss10 Assertion | /sp:Wss10 | No |
| | | /sp:Wss10/wsp:Policy/sp:MustSupportRefKeyIdentifier | No |
| | | /sp:Wss10/wsp:Policy/sp:MustSupportRefIssuerSerial | No |
| | | /sp:Wss10/wsp:Policy/sp:MustSupportRefExternalURI | No |
| | | /sp:Wss10/wsp:Policy/sp:MustSupportRefEmbeddedToken | No |
| 9.2 | Wss11 Assertion | /sp:Wss11 | No |
| | | /sp:Wss11/wsp:Policy/sp:MustSupportRefKeyIdentifier | No |
| | | /sp:Wss11/wsp:Policy/sp:MustSupportRefIssuerSerial | No |
| | | /sp:Wss11/wsp:Policy/sp:MustSupportRefExternalURI | No |
| | | /sp:Wss11/wsp:Policy/sp:MustSupportRefEmbeddedToken | No |
| | | /sp:Wss11/wsp:Policy/sp:MustSupportRefThumbprint | No |
| | | /sp:Wss11/wsp:Policy/sp:MustSupportRefEncryptedKey | No |
| | | /sp:Wss11/wsp:Policy/sp:RequireSignatureConfirmation | No |