Sun Microsystems 820433510 Server User Manual


 
Glossary of Message Security Terminology
The terminology used in this document is described below. The concepts are also discussed in
“Configuring the Enterprise Server for Message Security” on page 133.
Authentication Layer
The authentication layer is the message layer on which authentication processing must be
performed. The Enterprise Server enforces web services message security at the SOAP layer.
Authentication Provider
In this release of the Enterprise Server, the Enterprise Server invokes authentication
providers to process SOAP message layer security.
A client-side provider establishes (by signature or username/password) the source
identity of request messages and/or protects (by encryption) request messages such that
they can only be viewed by their intended recipients. A client-side provider also
establishes its container as an authorized recipient of a received response (by successfully
decrypting it) and validates passwords or signatures in the response to authenticate the
source identity associated with the response. Client-side providers configured in the
Enterprise Server can be used to protect the request messages sent and the response
messages received by server-side components (servlets and EJB components) acting as
clients of other services.
A server-side provider establishes its container as an authorized recipient of a received
request (by successfully decrypting it) and validates passwords or signatures in the
request to authenticate the source identity associated with the request. A server-side
provider also establishes (by signature or username/password) the source identity of
response messages and/or protects (by encryption) response messages such that they can
only be viewed by their intended recipients. Server-side providers are only invoked by
server-side containers.
Default Server Provider
The default server provider is used to identify the server provider to be invoked for any
application for which a specific server provider has not been bound. The default server
provider is sometimes referred to as the default provider.
Default Client Provider
The default client provider is used to identify the client provider to be invoked for any
application for which a specific client provider has not been bound.
Request Policy
The request policy defines the authentication policy requirements associated with request
processing performed by the authentication provider. Policies are expressed in message
sender order such that a requirement that encryption occur after content would mean that
the message receiver would expect to decrypt the message before validating the signature.
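The sender-order convention described under Request Policy, as an added Python example that is not part of the original manual or of the Enterprise Server. It assumes an HMAC tag in place of an XML signature and a toy stream cipher in place of XML encryption; the policy labels, keys and function names are hypothetical.

```python
import hashlib
import hmac

SIG_KEY = b"constructed-signing-key"   # constructed sample keys, not real secrets
ENC_KEY = b"constructed-encryption-key"
TAG_LEN = 32                           # length of a SHA-256 HMAC tag

def _xor_keystream(data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher; a stand-in for XML encryption."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(ENC_KEY + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def sign(msg: bytes) -> bytes:         # stand-in for a signature over the content
    return msg + hmac.new(SIG_KEY, msg, hashlib.sha256).digest()

def verify(msg: bytes) -> bytes:
    body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    expected = hmac.new(SIG_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("signature validation failed")
    return body

def encrypt(msg: bytes) -> bytes:
    return _xor_keystream(msg)
def decrypt(msg: bytes) -> bytes:
    return _xor_keystream(msg)

# Policies are written in message sender order (hypothetical labels).
SENDER_ORDER = {
    "encrypt-after-content": [sign, encrypt],
    "encrypt-before-content": [encrypt, sign],
}
INVERSE = {sign: verify, encrypt: decrypt}

def send(policy: str, body: bytes) -> bytes:
    for step in SENDER_ORDER[policy]:
        body = step(body)
    return body

def receiver_steps(policy: str) -> list:
    # The receiver undoes the sender's steps in reverse order.
    return [INVERSE[step] for step in reversed(SENDER_ORDER[policy])]

def receive(policy: str, wire: bytes) -> bytes:
    for step in receiver_steps(policy):
        wire = step(wire)
    return wire
```

A receiver configured with the opposite ordering tries to validate the signature over ciphertext and rejects the message, which is why both sides must read the policy in sender order.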
Response Policy
Understanding Message Security in the Enterprise Server
Chapter 10 • Configuring Message Security 131