CA API Gateway 9.1

9.4 9.1

Enforce WS-I BSP Compliance Assertion

The Enforce WS-I BSP Compliance assertion checks incoming and/or outgoing requests for compliance with the WS-I Basic Security Profile 1.0 specifications.
gateway90
The
Enforce WS-I BSP Compliance
assertion checks incoming and/or outgoing requests for compliance with the WS-I Basic Security Profile 1.0 specifications.
Use this assertion to:
  • Restrict encryption, signature, algorithms, etc., to those permitted
  • Ensure strict adherence to namespaces
  • Enforce adherence for required/restricted elements, attributes, and attribute values
  • Enforce referencing constraints (for example, reference by ID for local security tokens).
This assertion implements the rules contained in the
Basic Security Profile Version 1.0
 specifications located at: http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html.
To view the audit records generated by this assertion, see Gateway Audit Events.
When the Enforce WS-I BSP Compliance assertion is present in a policy path, it performs validations to help ensure compliance. For example, you will receive a validation error if an Encrypt Element assertion used AES 192 bit encryption.
Using the Assertion
  1. Do one of the following:
    • To add the assertion to the Policy Development window, see Add an Assertion.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. Right-click
    Enforce WS-I BSP Compliance
    in the policy window and select
    WS-I BSP Compliance Properties
     or double-click the assertion in the policy window. The assertion properties are displayed.
  3. Configure the properties as follows:
    Setting
    Description
    Check Request Message
    Select this check box to check request messages for conformance to WS-I BSP specifications. Clear this check box to not check requests for WS-I BSP conformance.
    This setting is selected by default if the assertion is placed
    before
     the routing assertion in the policy.
    Check Response Message
    Select this check box to check response messages for conformance to WS-I BSP specifications. Clear this check box to not check responses for WS-I BSP conformance.
    This setting is selected by default if the assertion is placed
    after
     the routing assertion in the policy.
    Audit only
    Select
    Audit only
     to generate an audit record when non-conformance in the request or response is detected. No SOAP fault occurs and the assertion does not fail.
    Audit and Fail
    Select
    Audit and Fail
     to generate both an audit record and a SOAP fault when non-conformance in the request or response is detected; the assertion also fails.
    Fail assertion
    Select
    Fail assertion
     to generate a SOAP fault and fail the assertion when non-conformance in the request or response is detected. No audit record is generated.
    The audit record indicates the rule that was broken (Rxxxx). You can look up the rule on www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html to see more information. No audit record is created when a request or response conforms to the specifications.
  4. Click [
    OK
    ]
    when done.

Content feedback and comments