NonStop SOAP 4.1 User's Manual
Scenario 5: Combining TimeStamp, UsernameToken, Encryption, and Signature with Protection Order Sign->Encrypt
This scenario describes how the TimeStamp, UsernameToken, Encryption, and Signature scenarios
can be combined.
The following assertion can be used to encrypt the signature:
<sp:EncryptSignature/>
The default protection order is SignBeforeEncrypting. The protection order property indicates the
order in which integrity and confidentiality are applied to the message, in cases where both integrity
and confidentiality are required. The SignBeforeEncrypting property indicates that the content must
be signed first. The encryption is performed on the signed content.
Scenario 6: Combining TimeStamp, UsernameToken, Encryption, and Signature with Protection Order Encrypt->Sign
This scenario is similar to Scenario 5, except for the protection order. It demonstrates how
the protection order “Encryption and then Sign” can be used. You can use the following assertion:
<sp:EncryptBeforeSigning/>
If this property is specified in the policies, the content is encrypted first and then the encrypted data
is signed.
Scenario 7: Symmetric Binding. Encryption using Derived Keys
A derived key is a cryptographic key created from a password or other user data. Derived keys
allow applications to create session keys as needed, eliminating the need to store a particular key.
The use of the same session key (for example, when using Secure Conversation) for repeated
message exchanges is sometimes considered a risk. To reduce this risk, Require Derived Keys is
used.
The first six scenarios demonstrate the AsymmetricBinding. The following scenarios demonstrate
the SymmetricBinding configuration. This scenario demonstrates how the encryption can be
performed using derived keys. You can use the following assertion:
<sp:RequireDerivedKeys/>
Scenario 8: Symmetric Binding, Signature
This scenario demonstrates how Signature can be used with SymmetricBinding. For additional
information about signature, see “Scenario 4: Signature” (page 282).
Scenario 9: Symmetric Binding. Both Encryption and Signature with Protection Order Encrypt->Sign
This scenario demonstrates how encryption and signature can be used with SymmetricBinding.
The protection order is encrypt and then sign. This scenario is similar to Scenario 6 except the
binding is different.
Scenario 10: Symmetric Binding. Both Encryption and Signature with Protection Order Sign->Encrypt
This scenario is similar to Scenario 9, except that the protection order is different. The protection
order is sign and then encrypt.
Scenario 11: Symmetric Binding. Both Encryption and Signature with Protection Order Encrypt->Signature Encryption
This scenario is similar to Scenario 9, except that the signature is encrypted.
Scenario 12: Symmetric Binding. Both Encryption and Signature with Protection Order Sign->Encrypt. Signature Encryption
This scenario is similar to Scenario 10, except that the signature is encrypted.
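The following added example (not part of the manual or of NonStop SOAP) reads a policy and reports the effective protection order, signature encryption, and derived-key settings, applying the SignBeforeEncrypting default when no order assertion is present. The namespace URIs, the X509Token protection token, the placement of RequireDerivedKeys inside the token assertion, and the function name are assumptions based on WS-SecurityPolicy 1.1; the sample policy is constructed.

```python
import xml.etree.ElementTree as ET

# Assumed namespaces (WS-SecurityPolicy 1.1 / WS-Policy); the manual page does not show them.
SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"

# Constructed sample: Scenario 11's shape (symmetric binding, Encrypt->Sign,
# encrypted signature) combined with Scenario 7's derived keys.
SAMPLE_POLICY = f"""
<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
  <sp:SymmetricBinding>
    <wsp:Policy>
      <sp:ProtectionToken>
        <wsp:Policy>
          <sp:X509Token>
            <wsp:Policy><sp:RequireDerivedKeys/></wsp:Policy>
          </sp:X509Token>
        </wsp:Policy>
      </sp:ProtectionToken>
      <sp:IncludeTimestamp/>
      <sp:EncryptBeforeSigning/>
      <sp:EncryptSignature/>
    </wsp:Policy>
  </sp:SymmetricBinding>
</wsp:Policy>
"""

def summarize_binding(policy_xml):
    """Return the protection settings of the first security binding found."""
    root = ET.fromstring(policy_xml)  # trusted, local policy text only
    for name in ("SymmetricBinding", "AsymmetricBinding"):
        binding = next(root.iter(f"{{{SP}}}{name}"), None)
        if binding is not None:
            break
    else:
        raise ValueError("no security binding assertion in policy")
    props = binding.find(f"{{{WSP}}}Policy")  # binding-level properties

    def has(tag):
        return props is not None and props.find(f"{{{SP}}}{tag}") is not None

    return {
        "binding": name,
        # With no EncryptBeforeSigning assertion, the default order applies.
        "order": "EncryptBeforeSigning" if has("EncryptBeforeSigning")
                 else "SignBeforeEncrypting",
        "encrypt_signature": has("EncryptSignature"),
        # RequireDerivedKeys is looked up anywhere under the binding (token level).
        "derived_keys": next(binding.iter(f"{{{SP}}}RequireDerivedKeys"), None) is not None,
    }
```

Running summarize_binding over each deployed policy file gives a quick audit of which services rely on the default order or leave the signature unencrypted.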