Share via

<Algorithm> Element for <Integrity>

  • Article

Specifies the algorithm used to create the digital signature.

<policyDocument> Element
  <policies> Element
    <policy> Element (WSE for Microsoft .NET) (2)
      <Integrity> Element

<Algorithm Type URI wsp:Preference  />

Attributes and Elements

Attributes

Attribute Description

Type

Optional element. Specifies the algorithm type. WSE supports wsse:AlgCanonicalization, wsse:AlgSignature, wsse:AlgDigest, and wsse:AlgTransform.

URI

Optional element. Specifies the URI for the algorithm.

wsp:Preference

Optional element. Specifies the preference for this particular alternative. The preference is expressed as an xsd:int. The higher the value of the preference, the greater the weighting of the expressed preference.

Child Elements

None

Parent Elements

Element Description

<Integrity> Element

Specifies the digital signature requirements for a SOAP message.

Remarks

When the <Algorithm> element is not specified, only the algorithms required by the XML Signature specification are supported.

Example

The following code example defines a policy assertion named signed-body-Kerberos that requires the digital signing of the <Body> element, timestamp header, and all addressing headers by a KerberosToken. The policy file then specifies that all SOAP messages sent to the http://www.cohowinery.com/Service1.asmx endpoint must adhere to the policy assertion.

Note

This code example is designed to demonstrate WSE features and is not intended for production use.

<?xml version="1.0" encoding="utf-8"?>
<policyDocument xmlns="https://schemas.microsoft.com/wse/2003/06/Policy">
  <mappings>
    <endpoint uri="http://www.cohowinery.com/Service1.asmx">
      <defaultOperation>
        <request policy="#signed-body-Kerberos" />
        <response policy="" />
        <fault policy="" />
      </defaultOperation>
    </endpoint>
  </mappings>
  <policies xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            xmlns:wse="https://schemas.microsoft.com/wse/2003/06/Policy"
            xmlns:wsa="https://schemas.xmlsoap.org/ws/2004/03/addressing"
            xmlns:wssp="https://schemas.xmlsoap.org/ws/2002/12/secext"
            xmlns:wsp="https://schemas.xmlsoap.org/ws/2002/12/policy"
            xmlns:wssc="https://schemas.xmlsoap.org/ws/2004/04/sc"
            xmlns:rp="https://schemas.xmlsoap.org/rp">
    <!--This policy requires that the body be digitally signed by an 
        Kerberos security token.-->
    <wsp:Policy wsu:Id="signed-body-Kerberos">
      <wssp:Integrity wsp:Usage="wsp:Required">
        <wssp:Algorithm Type="wssp:AlgCanonicalization" URI="http://www.w3.org/Signature/Drafts/xml-exc-c14n" />
        <wssp:TokenInfo>
          <wssp:SecurityToken>
            <wssp:TokenType>https://schemas.xmlsoap.org/ws/2003/12/kerberos/Kerberosv5ST</wssp:TokenType>
          </wssp:SecurityToken>
        </wssp:TokenInfo>
        <wssp:MessageParts xmlns:rp="https://schemas.xmlsoap.org/rp" Dialect="https://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body() wse:Timestamp() wse:Addressing()</wssp:MessageParts>
      </wssp:Integrity>
    </wsp:Policy>
  </policies>
</policyDocument>

See Also

Reference

<Integrity> Element

Concepts

Policy File Schema

Other Resources

Configuring a Web Service's Policy