About Digital Signatures

The Enterprise Server uses XML Digital Signatures to bind an authentication identity to message content. Clients use digital signatures to establish their caller identity, analogous to the way basic authentication or SSL client certificate authentication have been used to do the same thing when transport layer security is being used. Digital signatures are verified by the message receiver to authenticate the source of the message content (which may be different from the sender of the message).

When using digital signatures, valid keystore and truststore files must be configured on the Enterprise Server. For more information on this topic, read “About Certificate Files” on page 111.
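The binding described above, shown as an added example that is not code from the Administration Guide or from the Enterprise Server itself: a sender signs a SOAP-style envelope with an enveloped XML Signature using the standard javax.xml.crypto.dsig API, and the receiver verifies it against a public key it already trusts (the role the truststore plays on the server), so that a forwarded message whose content was altered in transit, or one signed by a key the receiver does not trust, is rejected. The envelope, the key pairs and the class name are constructed for the example; a deployed server takes its signing key from the configured keystore instead.

```java
// Added example, not from the Administration Guide: enveloped XML Signature over a
// constructed SOAP envelope, verified the way a message receiver would verify it.
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.Collections;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

public class XmlSignatureDemo {

    // Algorithm URI spelled out so the example compiles on Java 8 as well as 11+.
    private static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // the ds:Signature element is namespaced
        return dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // Sender side: bind the signer's key to the whole document (URI "" + enveloped transform).
    static void sign(Document doc, KeyPair signer) throws Exception {
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("",
                fac.newDigestMethod(DigestMethod.SHA256, null),
                Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
                null, null);
        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(RSA_SHA256, null),
                Collections.singletonList(ref));
        // No KeyInfo on purpose: the receiver resolves the signer from its own trust store,
        // never from key material carried inside the message it is trying to authenticate.
        DOMSignContext ctx = new DOMSignContext(signer.getPrivate(), doc.getDocumentElement());
        fac.newXMLSignature(si, null).sign(ctx);
    }

    // Receiver side: accept only a single signature that validates under a trusted key.
    static boolean verify(Document doc, PublicKey trusted) throws Exception {
        NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (nl.getLength() != 1) {
            return false; // missing or multiple Signature elements: reject
        }
        DOMValidateContext ctx = new DOMValidateContext(trusted, nl.item(0));
        // JDK secure-validation mode: rejects weak algorithms and dangerous transforms.
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        XMLSignature sig = fac.unmarshalXMLSignature(ctx);
        return sig.validate(ctx); // checks SignatureValue and every Reference digest
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair client = kpg.generateKeyPair();   // key the receiver trusts
        KeyPair stranger = kpg.generateKeyPair(); // key the receiver does not trust

        // Constructed sample envelope, not one produced by the Enterprise Server.
        String envelope = "<env:Envelope xmlns:env=\"http://schemas.xmlsoap.org/soap/envelope/\">"
                + "<env:Body><transfer><amount>10</amount></transfer></env:Body></env:Envelope>";

        Document doc = parse(envelope);
        sign(doc, client);
        System.out.println("intact, trusted signer verifies:  " + verify(doc, client.getPublic()));

        // A forwarding intermediary cannot change signed content without breaking the digest.
        doc.getElementsByTagName("amount").item(0).setTextContent("10000");
        System.out.println("tampered content verifies:        " + verify(doc, client.getPublic()));

        // An intact signature from a key outside the trust store is still rejected.
        Document other = parse(envelope);
        sign(other, stranger);
        System.out.println("untrusted signer verifies:        " + verify(other, client.getPublic()));
    }
}
```

The design point is the one the section makes: the signature authenticates the content's source, not the transport peer, so the receiver must decide trust from its own truststore and must not let the message nominate its own verification key.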
About Encryption

The purpose of encryption is to modify the data such that it can only be understood by its intended audience. This is accomplished by substituting an encrypted element for the original content. When predicated on public key cryptography, encryption can be used to establish the identity of the parties that can read a message.

When using encryption, you must have an installed JCE provider that supports encryption. For more information on this topic, read “Configuring a JCE Provider” on page 135.
About Message Protection Policies

Message protection policies are defined for request message processing and response message processing and are expressed in terms of requirements for source and/or recipient authentication. A source authentication policy represents a requirement that the identity of the entity that sent a message or that defined the content of a message be established in the message such that it can be authenticated by the message receiver. A recipient authentication policy represents a requirement that the message be sent such that the identity of the entities that can receive the message can be established by the message sender. The providers apply specific message security mechanisms to cause the message protection policies to be realized in the context of SOAP web services messages.

Request and response message protection policies are defined when a provider is configured into a container. Application-specific message protection policies (at the granularity of the web service port or operation) may also be configured within the Sun-specific deployment descriptors of the application or application client. In any case, where message protection policies are defined, the request and response message protection policies of the client must match (be equivalent to) the request and response message protection policies of the server. For more information on defining application-specific message protection policies, refer to the Securing Applications chapter of the Developer's Guide.
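As an added illustration that is not taken from the Administration Guide, the following sun-web.xml fragment shows how an application-specific policy of the kind described above is expressed for one web service endpoint. The element and attribute names follow the sun-web.xml deployment descriptor DTD; the servlet name, port component name, provider ID and method name are constructed placeholders. The request policy here asks for source authentication of the content (a signature) and for recipient authentication (encryption) applied before the content is authenticated, while the response policy asks for source authentication of the content only.

```xml
<!-- Added example, not from the Administration Guide. Placeholder names are constructed. -->
<sun-web-app>
  <servlet>
    <servlet-name>TransferServlet</servlet-name>
    <webservice-endpoint>
      <port-component-name>TransferPort</port-component-name>
      <!-- provider-id names a SOAP-layer provider configured in the container -->
      <message-security-binding auth-layer="SOAP" provider-id="ServerProvider">
        <message-security>
          <!-- Operation-level granularity: this policy applies to one method only -->
          <message>
            <java-method>
              <method-name>transfer</method-name>
            </java-method>
          </message>
          <!-- Source authentication: "content" = sign the content;
               "sender" = authenticate the sending entity instead.
               Recipient authentication: "before-content" = encrypt before the
               content is authenticated; "after-content" = encrypt after it. -->
          <request-protection auth-source="content" auth-recipient="before-content"/>
          <!-- Response is signed by the server but not encrypted -->
          <response-protection auth-source="content"/>
        </message-security>
      </message-security-binding>
    </webservice-endpoint>
  </servlet>
</sun-web-app>
```

Per the matching rule stated above, the application client's descriptor must carry an equivalent binding for the same port (in sun-application-client.xml, under the service reference's port information) with the same request and response protection values; a client that omits the request encryption, for example, will have its requests rejected by a server configured with this fragment.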
Understanding Message Security in the Enterprise Server

Sun GlassFish Enterprise Server 2.1 Administration Guide • December 2008    130