Enforce WS-I BSP Compliance Assertion
The Enforce WS-I BSP Compliance assertion checks incoming and/or outgoing requests for compliance with the WS-I Basic Security Profile 1.0 specifications.
Enforce WS-I BSP Complianceassertion checks incoming and/or outgoing requests for compliance with the WS-I Basic Security Profile 1.0 specifications.
Use this assertion to:
- Restrict encryption, signature, algorithms, etc., to those permitted
- Ensure strict adherence to namespaces
- Enforce adherence for required/restricted elements, attributes, and attribute values
- Enforce referencing constraints (for example, reference by ID for local security tokens).
This assertion implements the rules contained in the
Basic Security Profile Version 1.0specifications located at: http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html.
To view the audit records generated by this assertion, see Gateway Audit Events.
When the Enforce WS-I BSP Compliance assertion is present in a policy path, it performs validations to help ensure compliance. For example, you will receive a validation error if an Encrypt Element assertion used AES 192 bit encryption.
Using the Assertion
- Do one of the following:
- To add the assertion to the Policy Development window, see Add an Assertion.
- To change the configuration of an existing assertion, proceed to step 2 below.
- Right-clickEnforce WS-I BSP Compliancein the policy window and selectWS-I BSP Compliance Propertiesor double-click the assertion in the policy window. The assertion properties are displayed.
- Configure the properties as follows:SettingDescriptionCheck Request MessageSelect this check box to check request messages for conformance to WS-I BSP specifications. Clear this check box to not check requests for WS-I BSP conformance.This setting is selected by default if the assertion is placedbeforethe routing assertion in the policy.Check Response MessageSelect this check box to check response messages for conformance to WS-I BSP specifications. Clear this check box to not check responses for WS-I BSP conformance.This setting is selected by default if the assertion is placedafterthe routing assertion in the policy.Audit onlySelectAudit onlyto generate an audit record when non-conformance in the request or response is detected. No SOAP fault occurs and the assertion does not fail.Audit and FailSelectAudit and Failto generate both an audit record and a SOAP fault when non-conformance in the request or response is detected; the assertion also fails.Fail assertionSelectFail assertionto generate a SOAP fault and fail the assertion when non-conformance in the request or response is detected. No audit record is generated.The audit record indicates the rule that was broken (Rxxxx). You can look up the rule on www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html to see more information. No audit record is created when a request or response conforms to the specifications.
- Click [OK]when done.