Sun Microsystems 820433510 Server User Manual


 
About Digital Signatures
The Enterprise Server uses XML digital signatures to bind an authentication identity to
message content. Clients use digital signatures to establish their caller identity, analogous to the
way basic authentication or SSL client certificate authentication has been used to do the same
thing when transport layer security is being used. Digital signatures are verified by the message
receiver to authenticate the source of the message content (which may be different from the
sender of the message).
When using digital signatures, valid keystore and truststore files must be configured on the
Enterprise Server. For more information on this topic, read
“About Certificate Files” on page 111.
About Encryption
The purpose of encryption is to modify the data such that it can only be understood by its
intended audience. This is accomplished by substituting an encrypted element for the original
content. When predicated on public key cryptography, encryption can be used to establish the
identity of the parties that can read a message.
When using encryption, you must have an installed JCE provider that supports encryption. For
more information on this topic, read
“Configuring a JCE Provider” on page 135.
About Message Protection Policies
Message protection policies are defined for request message processing and response message
processing and are expressed in terms of requirements for source and/or recipient
authentication. A source authentication policy represents a requirement that the identity of the
entity that sent a message or that defined the content of a message be established in the message
such that it can be authenticated by the message receiver. A recipient authentication policy
represents a requirement that the message be sent such that the identity of the entities that can
receive the message can be established by the message sender. The providers apply specific
message security mechanisms to cause the message protection policies to be realized in the
context of SOAP web services messages.
Request and response message protection policies are
defined when a provider is configured into a container. Application-specific message protection
policies (at the granularity of the web service port or operation) may also be configured within
the Sun-specific deployment descriptors of the application or application client. In any case,
where message protection policies are defined, the request and response message protection
policies of the client must match (be equivalent to) the request and response message protection
policies of the server. For more information on defining application-specific message
protection policies, refer to the Securing Applications chapter of the Developer's Guide.
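The client/server matching requirement above can be checked before deployment. The following is an added example, not taken from the guide: it compares the request and response protection policies of a server-side and a client-side descriptor fragment, per operation. The XML fragments and the operation name getQuote are constructed, and treating "equivalent" as identical auth-source and auth-recipient values is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor fragments (not from the guide). Element and attribute
# names follow the message-security-binding element of the Sun-specific
# deployment descriptors; the operation name getQuote is made up.
SERVER = """<message-security-binding auth-layer="SOAP">
  <message-security>
    <message><java-method><method-name>getQuote</method-name></java-method></message>
    <request-protection auth-source="content"/>
    <response-protection auth-source="content" auth-recipient="before-content"/>
  </message-security>
</message-security-binding>"""

# Client copy in which the response recipient-authentication requirement was dropped.
CLIENT = SERVER.replace(' auth-recipient="before-content"', "")


def _policy(element):
    """(auth-source, auth-recipient) of a protection element; None = not required."""
    if element is None:
        return (None, None)
    return (element.get("auth-source"), element.get("auth-recipient"))


def policies(descriptor_xml):
    """Map operation name ('*' = no method named) to (request, response) policy."""
    found = {}
    for ms in ET.fromstring(descriptor_xml).iter("message-security"):
        ops = [(m.text or "").strip() for m in ms.iter("method-name")] or ["*"]
        pair = (_policy(ms.find("request-protection")),
                _policy(ms.find("response-protection")))
        for op in ops:
            found[op] = pair
    return found


def mismatches(server_xml, client_xml):
    """Return (operation, server_policy, client_policy) for every disagreement."""
    server, client = policies(server_xml), policies(client_xml)
    return [(op, server.get(op), client.get(op))
            for op in sorted(set(server) | set(client))
            if server.get(op) != client.get(op)]


if __name__ == "__main__":
    for op, srv, cli in mismatches(SERVER, CLIENT):
        print(f"{op}: server={srv} client={cli}")
```

An operation that appears on only one side is reported with None for the missing side, so a policy defined for the server but absent from the client descriptor is also flagged.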
Understanding Message Security in the Enterprise Server
Sun GlassFish Enterprise Server 2.1 Administration Guide • December 2008 130