WS-SecurityPolicy 1.2 is supported as follows. Equivalent parts of WS-SecurityPolicy 1.1 are also supported.
-
4.1.1 SignedParts supported with exceptions:
-
4.1.2 SignedElements not supported
-
4.2.1 EncryptedParts supported with exceptions:
-
4.2.2 EncryptedElements not supported
-
4.3.1 RequiredElements not supported
-
4.2.1 RequiredParts supported:
-
5.1 sp:IncludeToken supported
-
5.2 Token Issuer and Required Claims not supported
-
5.3 Derived Key properties supported only for X509Token and SamlToken
-
5.4.1 UsernameToken supported
-
5.4.2 IssuedToken not supported
-
5.4.3 X509Token supported
-
5.4.4 KerberosToken not supported
-
5.4.5 SpnegoContextToken not supported
-
5.4.6 SecurityContextToken not supported
-
5.4.7 SecureConversationToken supported
-
5.4.8 SamlToken supported
-
5.4.9 RelToken not supported
-
5.4.10 HttpsToken supported only for TransportBinding Assertion
-
5.4.11 KeyValueToken supported
-
6.1 [Algorithm Suite] partially supported:
-
Basic256, Basic192, Basic128 supported
-
Basic256Rsa15, Basic192Rsa15, Basic128Rsa15 supported
-
Basic256Sha256, Basic192Sha256, Basic128Sha256 supported
-
Basic256Sha256Rsa15, Basic192Sha256Rsa15, Basic128Sha256Rsa15 supported
-
TripleDes, TripleDesRsa15, TripleDesSha256, TripleDesSha256Rsa15 not supported
-
InclusiveC14N, SOAPNormalization10, STRTransform10 not supported
-
XPath10, XPathFilter20, AbsXPath not supported
-
6.2 [Timestamp] supported
-
6.3 [Protection Order] supported
-
6.4 [Signature Protection] supported
-
6.5 [Token Protection] supported
-
6.6 [Entire Header and Body Signatures] supported
-
6.7 [Security Header Layout] supported
-
7.1 AlgorithmSuite Assertion per 6.1
-
7.2 Layout Assertion per 6.7
-
7.3 TransportBinding supported only with HttpsToken
-
7.4 SymmetricBinding supported
-
7.5 AsymmetricBinding supported:
-
8.1 SupportingTokens Assertion supported
-
8.2 SignedSupportingTokens Assertion supported
-
8.3 EndorsingSupportingTokens Assertion supported
-
8.4 SignedEndorsingSupportingTokens Assertion supported
-
8.5 Encrypted SupportingTokens Assertion supported
-
8.6 SignedEncrypted SupportingTokens Assertion supported
-
8.7 EndorsingEncrypted SupportingTokens Assertion supported
-
8.8 SignedEndorsingEncrypted SupportingTokens Assertion supported
-
9.1 Wss10 Assertion supported with exceptions:
-
sp:MustSupportRefKeyIdentifier supported
-
sp:MustSupportRefIssuerSerial supported
-
sp:MustSupportRefExternalURI not supported
-
sp:MustSupportRefEmbeddedToken not supported
-
9.2 Wss11 Assertion supported with exceptions:
-
sp:MustSupportRefKeyIdentifier supported
-
sp:MustSupportRefIssuerSerial supported
-
sp:MustSupportRefExternalURI not supported
-
sp:MustSupportRefEmbeddedToken not supported
-
sp:MustSupportRefKeyThumbprint supported
-
sp:MustSupportRefKeyEncryptedKey supported
-
sp:RequireSignatureConfirmation supported
-
10.1 Trust13 Assertion supported with exceptions:
-
sp:MustSupportClientChallenge not supported
-
sp:MustSupportServerChallenge not supported
-
sp:RequireClientEntropy supported
-
sp:RequireServerEntropy supported
-
sp:MustSupportIssuedTokens not supported -- ignored for now
-
sp:RequireRequestSecurityTokenCollection not supported
-
sp:RequireAppliesTo not supported
-
Trust10 Assertion (see http://specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdfOpens in a new tab)
Note:
The Trust10 Assertion is supported only in a trivial way; InterSystems IRIS converts it to a Trust13 Assertion to avoid throwing an error.