Nonce [Settings]

Attaches a Nonce element to the message part specified by the dialect and keyword attributes. Nonce is a randomly generated value.

To view this pane in the console, click one of the following paths:

  • Service integration > Web services > WS-Security configurations > [Content Pane] v1-inbound-config_name > [Request consumer] Required integrity > [Content Pane] required-integrity_name > [Additional Properties] Nonce > [Content Pane] nonce_name
  • Service integration > Web services > WS-Security configurations > [Content Pane] v1-outbound-config_name > [Response consumer] Required integrity > [Content Pane] integrity_name > [Additional Properties] Nonce > [Content Pane] nonce_name
  • Service integration > Web services > WS-Security configurations > [Content Pane] v1-inbound-config_name > [Request consumer] Required Confidentiality > [Content Pane] required-confidentiality_name > [Additional Properties] Nonce > [Content Pane] nonce_name
  • Service integration > Web services > WS-Security configurations > [Content Pane] v1-outbound-config_name > [Response consumer] Required Confidentiality > [Content Pane] confidentiality_name > [Additional Properties] Nonce > [Content Pane] nonce_name

When a Nonce is added to specific parts of a message, it might prevent theft and replay attacks because a generated Nonce is unique. For example, without a Nonce, when a user name token is passed from one machine to another over a non-secure transport, such as HTTP, the token might be intercepted and used in a replay attack. The user name token can be stolen even if you use XML digital signature and XML encryption. However, adding a Nonce might prevent this.
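
The receiving-side replay check that a Nonce makes possible, as an added example (not IBM's or WebSphere's code). It assumes each protected message part arrives with a base64 Nonce and a creation time; the names NonceReplayCache, new_nonce and demo, the 5-minute window and the 30-second skew are hypothetical.

```python
import base64
import os
from datetime import datetime, timedelta, timezone


class NonceReplayCache:
    """Consumer-side check: accept each nonce at most once while it is fresh."""

    def __init__(self, max_age=timedelta(minutes=5), clock_skew=timedelta(seconds=30)):
        self.max_age = max_age
        self.clock_skew = clock_skew
        self._seen = {}  # nonce bytes -> time after which it can be forgotten

    def check(self, nonce_b64, created, now=None):
        """Return 'accepted', 'stale' or 'replayed' for one incoming message part."""
        now = now or datetime.now(timezone.utc)
        # Evict nonces whose freshness window has passed; a later replay of
        # those fails the timestamp test below, so the cache stays bounded.
        self._seen = {n: exp for n, exp in self._seen.items() if exp > now}
        if created > now + self.clock_skew or now - created >= self.max_age:
            return "stale"
        nonce = base64.b64decode(nonce_b64, validate=True)
        if nonce in self._seen:
            return "replayed"
        self._seen[nonce] = created + self.max_age
        return "accepted"


def new_nonce():
    """Generator side: 16 bytes from the OS CSPRNG, base64-encoded."""
    return base64.b64encode(os.urandom(16)).decode("ascii")


def demo():
    # Constructed sample traffic: one genuine message, then a verbatim copy
    # resent shortly afterwards and again after the window has closed.
    cache = NonceReplayCache()
    t0 = datetime(2013, 8, 31, 12, 0, 0, tzinfo=timezone.utc)
    nonce = new_nonce()
    return [
        cache.check(nonce, created=t0, now=t0 + timedelta(seconds=1)),
        cache.check(nonce, created=t0, now=t0 + timedelta(seconds=20)),
        cache.check(nonce, created=t0, now=t0 + timedelta(minutes=10)),
        cache.check(new_nonce(), created=t0 + timedelta(minutes=10),
                    now=t0 + timedelta(minutes=10, seconds=2)),
    ]
```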

Configuration tab

Configuration properties for this object. These property values are preserved even if the runtime environment is stopped and then restarted. See the information center task descriptions for information about how to apply configuration changes to the runtime environment.

General properties

Name

The name of the Nonce element.

Required Yes
Data type Text

Dialect

The expression dialect to use.

Required Yes
Data type drop-down list

Keyword

The message part to attach the Nonce element to, specified in a way defined by the chosen dialect.

When the http://www.ibm.com/websphere/webservices/wssecurity/dialect-was dialect value is selected, the following are valid keyword values:

  • action: Specifies the wsa:Action element.
  • body: Specifies the SOAP body element.
  • dsigkey: Specifies the key information element, which is used for digital signature.
  • enckey: Specifies the ds:KeyInfo element, which is used for encryption.
  • messageid: Specifies the wsa:MessageID element.
  • relatesto: Specifies the wsa:RelatesTo element.
  • securitytoken: Specifies any security token elements, for example the wsse:BinarySecurityToken element.
  • timestamp: Specifies the wsu:Timestamp element. This element determines whether the message is valid based upon the time that the message is sent and then received.
  • to: Specifies the wsa:To element.

When the http://www.w3.org/TR/1999/REC-xpath-1999116 dialect value is selected, then the keyword value can be any valid XPath expression that points to a part of the message. For example:

/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Body']

Required Yes
Data type Text




Last updated: Aug 31, 2013 2:56:59 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-dist&topic=Nonce_DetailForm
File name: Nonce_DetailForm.html