Glossary Of Message Security Terminology - Sun Microsystems GlassFish Enterprise Server 2.1 Administration Manual

Glossary of Message Security Terminology

The terminology used in this document is described below. The concepts are also discussed in
"Configuring the Enterprise Server for Message Security".
Authentication Layer
The authentication layer is the message layer on which authentication processing must be
performed. The Enterprise Server enforces web services message security at the SOAP layer.
Authentication Provider
In this release of the Enterprise Server, the Enterprise Server invokes authentication
providers to process SOAP message layer security.
A client-side provider establishes (by signature or username/password) the source
identity of request messages and/or protects (by encryption) request messages such that
they can only be viewed by their intended recipients. A client-side provider also
establishes its container as an authorized recipient of a received response (by successfully
decrypting it) and validates passwords or signatures in the response to authenticate the
source identity associated with the response. Client-side providers configured in the
Enterprise Server can be used to protect the request messages sent and the response
messages received by server-side components (servlets and EJB components) acting as
clients of other services.
A server-side provider establishes its container as an authorized recipient of a received
request (by successfully decrypting it) and validates passwords or signatures in the
request to authenticate the source identity associated with the request. A server-side
provider also establishes (by signature or username/password) the source identity of
response messages and/or protects (by encryption) response messages such that they can
only be viewed by their intended recipients. Server-side providers are only invoked by
server-side containers.
Default Server Provider
The default server provider is used to identify the server provider to be invoked for any
application for which a specific server provider has not been bound. The default server
provider is sometimes referred to as the default provider.
Default Client Provider
The default client provider is used to identify the client provider to be invoked for any
application for which a specific client provider has not been bound.
Request Policy
The request policy defines the authentication policy requirements associated with request
processing performed by the authentication provider. Policies are expressed in message
sender order such that a requirement that encryption occur after content would mean that
the message receiver would expect to decrypt the message before validating the signature.
Response Policy
Chapter 10 • Configuring Message Security
Understanding Message Security in the Enterprise Server
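
The glossary terms above map onto the message security section of the server's `domain.xml`. The fragment below is an added example, not text from the manual; the provider IDs are assumed sample values, and the policy settings were chosen to illustrate the sender-order rule described under Request Policy.

```xml
<!-- Added example: fragment of domain.xml, placed inside <security-service>. -->
<!-- auth-layer is the Authentication Layer; default-provider and
     default-client-provider name the Default Server Provider and the
     Default Client Provider used when an application has no specific binding. -->
<message-security-config auth-layer="SOAP"
                         default-provider="ServerProvider"
                         default-client-provider="ClientProvider">

  <!-- Server-side provider: invoked only by server-side containers. -->
  <provider-config provider-id="ServerProvider"
                   provider-type="server"
                   class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule">
    <!-- Request Policy, written in message sender order:
         auth-source="content"          the sender signs the message content
                                        ("sender" would mean username/password)
         auth-recipient="after-content" the sender encrypts after signing
         As the receiver of requests, this provider therefore decrypts first
         and only then validates the signature. -->
    <request-policy auth-source="content" auth-recipient="after-content"/>
    <!-- Counterpart element for responses, where this provider is the sender. -->
    <response-policy auth-source="content" auth-recipient="after-content"/>
  </provider-config>

  <!-- Client-side provider: protects requests sent, and validates responses
       received, by components (servlets, EJBs) acting as clients of other services. -->
  <provider-config provider-id="ClientProvider"
                   provider-type="client"
                   class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule">
    <request-policy auth-source="content" auth-recipient="after-content"/>
    <response-policy auth-source="content" auth-recipient="after-content"/>
  </provider-config>

</message-security-config>
```

Setting `auth-recipient="before-content"` instead reverses the order: the sender encrypts before signing, so the receiver validates the signature before decrypting.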