Specifies the default values used when bootstrapping a secure conversation: the message security applied to the initial token exchange that establishes the session's security context, before the session keys exist.

```xml
<secureConversationBootstrap allowSerializedSigningTokenOnReply="Boolean"
                             authenticationMode="AuthenticationMode"
                             defaultAlgorithmSuite="SecurityAlgorithmSuite"
                             includeTimestamp="Boolean"
                             keyEntropyMode="ClientEntropy/ServerEntropy/CombinedEntropy"
                             messageProtectionOrder="SignBeforeEncrypt/SignBeforeEncryptAndEncryptSignature/EncryptBeforeSign"
                             messageSecurityVersion="WSSecurityJan2004/WSSecurityXXX2005"
                             requireDerivedKeys="Boolean"
                             requireSecurityContextCancellation="Boolean"
                             requireSignatureConfirmation="Boolean"
                             securityHeaderLayout="Strict/Lax/LaxTimestampFirst/LaxTimestampLast" />
```
Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
Attributes

| Attribute | Description |
|---|---|
| allowSerializedSigningTokenOnReply | Optional. A Boolean value that specifies whether a serialized signing token can be used on the reply. The default value is |
| authenticationMode | Specifies the SOAP authentication mode used between the initiator and the responder. The default is `sspiNegotiated`. This attribute is of type AuthenticationMode. |
| defaultAlgorithmSuite | The security algorithm suite defines a set of algorithms: canonicalization, digest, key wrap, signature, encryption, and key derivation. Each suite fixes the values for these parameters, and message-level security is built from them. Set this attribute only when interoperating with a platform that requires a set of algorithms other than the default, and understand the strengths and weaknesses of the algorithms involved before changing it. This attribute is of type SecurityAlgorithmSuite. The default is |
| includeTimestamp | A Boolean value that specifies whether a timestamp is included in each message. The default is |
| keyEntropyMode | Specifies how the keys that secure messages are computed. Keys can be based on the client key material only, on the service key material only, or on a combination of both. Valid values are:<br />- ClientEntropy: The session key is derived from the client-provided key material.<br />- ServerEntropy: The session key is derived from the service-provided key material.<br />- CombinedEntropy: The session key is derived from both the client-provided and the service-provided key material.<br />The default is `CombinedEntropy`. This attribute is of type SecurityKeyEntropyMode. |
| messageProtectionOrder | Sets the order in which message-level security operations are applied to the message. Valid values are:<br />- SignBeforeEncrypt: Sign first, then encrypt.<br />- SignBeforeEncryptAndEncryptSignature: Sign, encrypt, and then encrypt the signature as well.<br />- EncryptBeforeSign: Encrypt first, then sign.<br />`SignBeforeEncryptAndEncryptSignature` is the default when using mutual certificates with WS-Security 1.1; `SignBeforeEncrypt` is the default with WS-Security 1.0. This attribute is of type MessageProtectionOrder. |
| messageSecurityVersion | Sets the version of WS-Security that is used. Valid values are `WSSecurityJan2004` and `WSSecurityXXX2005`. The default is `WSSecurityXXX2005`. This attribute is of type MessageSecurityVersion. |
| requireDerivedKeys | A Boolean value that specifies whether per-message keys can be derived from the original proof keys. The default is |
| requireSecurityContextCancellation | A Boolean value that specifies whether the security context should be cancelled and terminated when it is no longer required. The default is |
| requireSignatureConfirmation | A Boolean value that specifies whether WS-Security signature confirmation is enabled. When set to<br />Signature confirmation lets the initiator verify that the response was produced by a responder that processed its signed request: the responder echoes the signature values it received, and the initiator checks them against the signature it sent. |
| securityHeaderLayout | Specifies the ordering of the elements in the security header. Valid values are:<br />- Strict: Items are added to the security header according to the general principle of "declare before use".<br />- Lax: Items are added to the security header in any order that conforms to WSS: SOAP Message Security.<br />- LaxTimestampFirst: Items are added to the security header in any order that conforms to WSS: SOAP Message Security, except that the first element in the security header must be a wsse:Timestamp element.<br />- LaxTimestampLast: Items are added to the security header in any order that conforms to WSS: SOAP Message Security, except that the last element in the security header must be a wsse:Timestamp element.<br />The default is `Strict`. This attribute is of type SecurityHeaderLayout. |
Child Elements

| Element | Description |
|---|---|
| `<issuedTokenParameters>` | Specifies a currently issued token. This element is of type IssuedTokenParametersElement. |
| `<localClientSettings>` | Specifies the security settings of a local client for this binding. This element is of type LocalClientSecuritySettingsElement. |
| `<localServiceSettings>` | Specifies the security settings of a local service for this binding. This element is of type LocalServiceSecuritySettingsElement. |

Parent Elements

| Element | Description |
|---|---|
| `<security>` | Specifies the security options for a custom binding. |
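The following configuration shows the element in context. It is an added example, not from the original page or from the WCF documentation set: a `<customBinding>` whose message security is a secure conversation, with the bootstrap handshake protected by the attributes described above. The binding name, the `MutualCertificate` bootstrap mode, and the choice of `textMessageEncoding` over `httpTransport` are assumptions made for illustration; every other value comes from the attribute table.

```xml
<!-- Added example (not the page's own configuration). Names and the
     MutualCertificate bootstrap mode are assumptions for illustration. -->
<system.serviceModel>
  <bindings>
    <customBinding>
      <binding name="secureConversationBinding">
        <!-- Session security: once the context token exists, messages are
             protected with the session keys negotiated during the bootstrap. -->
        <security authenticationMode="SecureConversation"
                  includeTimestamp="true"
                  requireSignatureConfirmation="true">
          <!-- Bootstrap security: protects the initial token exchange that
               establishes the session. Timestamps stay on so the replay
               window in localServiceSettings has something to check;
               signature confirmation ties the responder's reply to the
               request that was actually signed; combined entropy means
               neither side alone chooses the session key; and context
               cancellation makes the client tear the session down when it
               closes instead of leaving server-side state alive. -->
          <secureConversationBootstrap authenticationMode="MutualCertificate"
                                       includeTimestamp="true"
                                       keyEntropyMode="CombinedEntropy"
                                       messageProtectionOrder="SignBeforeEncryptAndEncryptSignature"
                                       requireDerivedKeys="true"
                                       requireSecurityContextCancellation="true"
                                       requireSignatureConfirmation="true"
                                       securityHeaderLayout="Strict" />
        </security>
        <textMessageEncoding />
        <httpTransport />
      </binding>
    </customBinding>
  </bindings>
</system.serviceModel>
```

Two checks worth making when reviewing a bootstrap like this: `defaultAlgorithmSuite` is left unset above so the binding keeps the default suite, and should only be overridden when a peer genuinely cannot negotiate it; and `securityHeaderLayout="Lax"` is only needed for interoperability with stacks that emit headers out of order, since `Strict` is what WCF itself produces and is the stricter thing to accept.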
See also

- How to: Create a Custom Binding Using the SecurityBindingElement
- Custom Binding Security