
About digital signatures, About encryption, About message protection policies – Sun Microsystems GLASSFISH ENTERPRISE 820433510 User Manual


About Digital Signatures

The Enterprise Server uses XML digital signatures to bind an authentication identity to
message content. Clients use digital signatures to establish their caller identity, analogous to the
way basic authentication or SSL client certificate authentication have been used to do the same
thing when transport layer security is being used. Digital signatures are verified by the message
receiver to authenticate the source of the message content (which may be different from the
sender of the message).

When using digital signatures, valid keystore and truststore files must be configured on the
Enterprise Server. For more information on this topic, read “About Certificate Files” on page 111.

About Encryption

The purpose of encryption is to modify the data such that it can only be understood by its
intended audience. This is accomplished by substituting an encrypted element for the original
content. When predicated on public key cryptography, encryption can be used to establish the
identity of the parties that can read a message.

When using encryption, you must have an installed JCE provider that supports encryption. For
more information on this topic, read “Configuring a JCE Provider” on page 135.

About Message Protection Policies

Message protection policies are defined for request message processing and response message
processing and are expressed in terms of requirements for source and/or recipient
authentication. A source authentication policy represents a requirement that the identity of the
entity that sent a message or that defined the content of a message be established in the message
such that it can be authenticated by the message receiver. A recipient authentication policy
represents a requirement that the message be sent such that the identity of the entities that can
receive the message can be established by the message sender. The providers apply specific
message security mechanisms to cause the message protection policies to be realized in the
context of SOAP web services messages.

Request and response message protection policies are
defined when a provider is configured into a container. Application-specific message protection
policies (at the granularity of the web service port or operation) may also be configured within
the Sun-specific deployment descriptors of the application or application client. In any case,
where message protection policies are defined, the request and response message protection
policies of the client must match (be equivalent to) the request and response message protection
policies of the server. For more information on defining application-specific message
protection policies, refer to the Securing Applications chapter of the Developers Guide.
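
The requirement that client and server policies match can be checked mechanically before deployment. The following Python script is an added example, not part of the Sun manual or of GlassFish itself. It assumes the policies are written as request-policy and response-policy elements with auth-source and auth-recipient attributes inside provider-config (the layout used in GlassFish domain.xml and sun-acc.xml), treats "equivalent" as identical attribute values, and runs on constructed sample fragments.

```python
import xml.etree.ElementTree as ET

# Constructed sample fragments (not taken from the manual). Element and
# attribute names are assumed to follow the GlassFish provider-config layout.
SERVER_XML = """
<message-security-config auth-layer="SOAP">
  <provider-config provider-id="ServerProvider" provider-type="server">
    <request-policy auth-source="content"/>
    <response-policy auth-source="content" auth-recipient="before-content"/>
  </provider-config>
</message-security-config>
"""
CLIENT_XML = """
<message-security-config auth-layer="SOAP">
  <provider-config provider-id="ClientProvider" provider-type="client">
    <request-policy auth-source="content"/>
    <response-policy auth-source="content"/>
  </provider-config>
</message-security-config>
"""
POLICY_TAGS = ("request-policy", "response-policy")
POLICY_ATTRS = ("auth-source", "auth-recipient")

def load_policies(xml_text, provider_id):
    """Return {policy tag: {attribute: value or None}} for one provider."""
    root = ET.fromstring(xml_text)
    for pc in root.iter("provider-config"):
        if pc.get("provider-id") != provider_id:
            continue
        policies = {}
        for tag in POLICY_TAGS:
            el = pc.find(tag)
            # A missing element or attribute means "no requirement" (None).
            policies[tag] = {a: (el.get(a) if el is not None else None)
                             for a in POLICY_ATTRS}
        return policies
    raise KeyError(f"provider-config {provider_id!r} not found")

def policy_mismatches(server, client):
    """List (policy, attribute, server value, client value) where sides differ."""
    return [(tag, attr, server[tag][attr], client[tag][attr])
            for tag in POLICY_TAGS for attr in POLICY_ATTRS
            if server[tag][attr] != client[tag][attr]]

if __name__ == "__main__":
    srv = load_policies(SERVER_XML, "ServerProvider")
    cli = load_policies(CLIENT_XML, "ClientProvider")
    for tag, attr, s, c in policy_mismatches(srv, cli):
        print(f"MISMATCH {tag}/{attr}: server={s!r} client={c!r}")
```

In the sample, the server requires recipient authentication on responses and the client does not, so the script reports one mismatch on response-policy/auth-recipient.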

Understanding Message Security in the Enterprise Server

Sun GlassFish Enterprise Server 2.1 Administration Guide • December 2008
