WS_SECURITY_PROPERTY_ID enumeration (webservices.h)

Identifies the properties representing channel-wide security settings. This enumeration is used within the WS_SECURITY_PROPERTY structure, which is in turn used within a WS_SECURITY_DESCRIPTION structure.

Syntax

typedef enum {
  WS_SECURITY_PROPERTY_TRANSPORT_PROTECTION_LEVEL = 1,
  WS_SECURITY_PROPERTY_ALGORITHM_SUITE = 2,
  WS_SECURITY_PROPERTY_ALGORITHM_SUITE_NAME = 3,
  WS_SECURITY_PROPERTY_MAX_ALLOWED_LATENCY = 4,
  WS_SECURITY_PROPERTY_TIMESTAMP_VALIDITY_DURATION = 5,
  WS_SECURITY_PROPERTY_MAX_ALLOWED_CLOCK_SKEW = 6,
  WS_SECURITY_PROPERTY_TIMESTAMP_USAGE = 7,
  WS_SECURITY_PROPERTY_SECURITY_HEADER_LAYOUT = 8,
  WS_SECURITY_PROPERTY_SECURITY_HEADER_VERSION = 9,
  WS_SECURITY_PROPERTY_EXTENDED_PROTECTION_POLICY = 10,
  WS_SECURITY_PROPERTY_EXTENDED_PROTECTION_SCENARIO = 11,
  WS_SECURITY_PROPERTY_SERVICE_IDENTITIES = 12
} WS_SECURITY_PROPERTY_ID;

Constants

WS_SECURITY_PROPERTY_TRANSPORT_PROTECTION_LEVEL
Value: 1
A WS_PROTECTION_LEVEL value that determines whether signing alone or
signing plus encryption should be done for the connection. With at
least one transport security binding in the security description, the
default is WS_PROTECTION_LEVEL_SIGN_AND_ENCRYPT.
WS_SECURITY_PROPERTY_ALGORITHM_SUITE
Value: 2
With mixed-mode security, this property is a WS_SECURITY_ALGORITHM_SUITE structure that specifies the algorithm suite to be used.
This property may not be used in conjunction with WS_SECURITY_PROPERTY_ALGORITHM_SUITE_NAME.


If neither this property nor WS_SECURITY_ALGORITHM_SUITE_NAME is specified, the algorithm
suite defaults to WS_SECURITY_ALGORITHM_SUITE_NAME_BASIC128 when WS_KERBEROS_APREQ_MESSAGE_SECURITY_BINDING is used and
WS_SECURITY_ALGORITHM_SUITE_NAME_BASIC256 otherwise.
WS_SECURITY_PROPERTY_ALGORITHM_SUITE_NAME
Value: 3
With mixed-mode security, this property is a WS_SECURITY_ALGORITHM structure that specifies the algorithm suite to be used. The suite names
refer to collections of algorithms defined
in WS-SecurityPolicy 1.1 section 7.1.
This property may not be used in conjunction with WS_SECURITY_PROPERTY_ALGORITHM_SUITE.


If neither this property nor WS_SECURITY_ALGORITHM_SUITE is specified, the algorithm
suite defaults to WS_SECURITY_ALGORITHM_SUITE_NAME_BASIC128 when WS_KERBEROS_APREQ_MESSAGE_SECURITY_BINDING is used and
WS_SECURITY_ALGORITHM_SUITE_NAME_BASIC256 otherwise.
WS_SECURITY_PROPERTY_MAX_ALLOWED_LATENCY
Value: 4
With mixed-mode security, this property is a WS_TIMESPAN structure that specifies the maximum allowed staleness of
an incoming timestamp in the security header. The default is 5 minutes.
WS_SECURITY_PROPERTY_TIMESTAMP_VALIDITY_DURATION
Value: 5
With mixed-mode security, this property is a WS_TIMESPAN structure that specifies how long the timestamp generated by the
sender remains valid, measured from the security
application instant. This setting is sometimes called 'time-to-live'
or 'TTL'. The default is 5 minutes.
WS_SECURITY_PROPERTY_MAX_ALLOWED_CLOCK_SKEW
Value: 6
With mixed-mode security, this property is a WS_TIMESPAN structure that specifies the maximum skew allowed between
the clocks of the sender and receiver. This quantity serves as a
margin of tolerance on the enforcement of settings such as WS_SECURITY_PROPERTY_MAX_ALLOWED_LATENCY.
The default is 5 minutes.
WS_SECURITY_PROPERTY_TIMESTAMP_USAGE
Value: 7
With mixed-mode security, this property is a WS_SECURITY_TIMESTAMP_USAGE value that specifies whether a timestamp should be
generated (at sender) and demanded (at receiver) in the security
header. The default is WS_SECURITY_TIMESTAMP_USAGE_ALWAYS.
WS_SECURITY_PROPERTY_SECURITY_HEADER_LAYOUT
Value: 8
With mixed-mode security, this property is a WS_SECURITY_HEADER_LAYOUT value that specifies the layout of the security
header. The default is WS_SECURITY_HEADER_LAYOUT_STRICT.
WS_SECURITY_PROPERTY_SECURITY_HEADER_VERSION
Value: 9
With mixed-mode security, this property is a WS_SECURITY_HEADER_VERSION value that specifies the WS-Security version to use
for the security header. The default is WS_SECURITY_HEADER_VERSION_1_1.
WS_SECURITY_PROPERTY_EXTENDED_PROTECTION_POLICY
Value: 10
A WS_EXTENDED_PROTECTION_POLICY value that specifies whether to validate Extended Protection data. Only available if extended protection is used.


The default is WS_EXTENDED_PROTECTION_POLICY_WHEN_SUPPORTED on configurations that support extended protection.

This property is only available on the server and can only be used when WS_HTTP_CHANNEL_BINDING with either WS_HTTP_HEADER_AUTH_SECURITY_BINDING or WS_KERBEROS_APREQ_MESSAGE_SECURITY_BINDING is used.


Supported by default on Windows 7 and above. May require an update on systems running earlier versions of Windows. If the operating system was not updated,
this property is still available but has no effect.
WS_SECURITY_PROPERTY_EXTENDED_PROTECTION_SCENARIO
Value: 11
A WS_EXTENDED_PROTECTION_SCENARIO value that specifies the deployment scenario of the server as it pertains to Extended Protection. Only available if extended protection is used.


This property is only available on the server and can only be used when WS_HTTP_CHANNEL_BINDING with either WS_HTTP_HEADER_AUTH_SECURITY_BINDING or WS_KERBEROS_APREQ_MESSAGE_SECURITY_BINDING is used.


The default is WS_EXTENDED_PROTECTION_SCENARIO_BOUND_SERVER.

Supported by default on Windows 7 and above. May require an update on systems running earlier versions of Windows. If the operating system was not updated,
this property is still available but has no effect.
WS_SECURITY_PROPERTY_SERVICE_IDENTITIES
Value: 12
A WS_SERVICE_SECURITY_IDENTITIES structure that sets the Server Principal Names (SPNs) the server is willing to accept as part of validating Extended Protection data.
SPNs are validated when a WS_HTTP_HEADER_AUTH_SECURITY_BINDING is used
without a WS_SSL_TRANSPORT_SECURITY_BINDING or when WS_EXTENDED_PROTECTION_SCENARIO_TERMINATED_SSL is set.


This property is only available on the server and can only be used with WS_HTTP_CHANNEL_BINDING.


If all of the above requirements are met, this property must be set for security verification to succeed. Otherwise, it must not be set.


Supported by default on Windows 7 and above. Requires update to the operating system on other platforms. If the operating system was not updated,
this property is still available but has no effect.

Remarks

All properties defined by the keys here have reasonable defaults, so specifying them is optional. In the common case, one should be able to create a WS_SECURITY_DESCRIPTION without setting any of these properties.
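
The three timestamp properties (WS_SECURITY_PROPERTY_MAX_ALLOWED_LATENCY, WS_SECURITY_PROPERTY_TIMESTAMP_VALIDITY_DURATION and WS_SECURITY_PROPERTY_MAX_ALLOWED_CLOCK_SKEW) together bound how long after creation a message is still accepted. The following is an added example, not code from webservices.h or from this page: a stand-alone model of the receiver-side check, with hypothetical type and function names, times in seconds for readability, and the assumption that the clock skew is applied as a symmetric tolerance on each comparison.

```c
#include <stdint.h>
#include <stdio.h>

/* Model only: hypothetical names, times in seconds. Not WWSAPI code. */
typedef struct {
    int64_t max_allowed_latency; /* WS_SECURITY_PROPERTY_MAX_ALLOWED_LATENCY */
    int64_t validity_duration;   /* WS_SECURITY_PROPERTY_TIMESTAMP_VALIDITY_DURATION */
    int64_t max_clock_skew;      /* WS_SECURITY_PROPERTY_MAX_ALLOWED_CLOCK_SKEW */
} ts_policy;

typedef enum { TS_OK, TS_FROM_FUTURE, TS_STALE, TS_EXPIRED } ts_result;

/* The documented defaults: 5 minutes for each of the three properties. */
const ts_policy TS_DEFAULTS = { 300, 300, 300 };
/* Constructed sample of a tighter policy for comparison. */
const ts_policy TS_TIGHT = { 60, 30, 10 };

/* Sender: the timestamp expires validity_duration after it is created. */
int64_t ts_expires(const ts_policy *snd, int64_t created) {
    return created + snd->validity_duration;
}

/* Receiver: the skew widens every comparison (assumed symmetric tolerance). */
ts_result ts_check(const ts_policy *rcv, int64_t created, int64_t expires,
                   int64_t now) {
    if (created - now > rcv->max_clock_skew) return TS_FROM_FUTURE;
    if (now - created > rcv->max_allowed_latency + rcv->max_clock_skew)
        return TS_STALE;
    if (now - expires > rcv->max_clock_skew) return TS_EXPIRED;
    return TS_OK;
}

/* Longest message age that still passes ts_check: the replay window a
   defender should keep in mind when tuning these settings. */
int64_t ts_accept_window(const ts_policy *snd, const ts_policy *rcv) {
    int64_t limit = rcv->max_allowed_latency < snd->validity_duration
                  ? rcv->max_allowed_latency : snd->validity_duration;
    return limit + rcv->max_clock_skew;
}

int main(void) {
    printf("defaults: accepted up to %lld s after creation\n",
           (long long)ts_accept_window(&TS_DEFAULTS, &TS_DEFAULTS));
    printf("tight:    accepted up to %lld s after creation\n",
           (long long)ts_accept_window(&TS_TIGHT, &TS_TIGHT));
    return 0;
}
```

Under this model the defaults accept a message for up to 10 minutes after its creation instant, because the skew tolerance is added on top of the smaller of the latency and validity limits.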

Requirements

Requirement               Value
Minimum supported client  Windows 7 [desktop apps | UWP apps]
Minimum supported server  Windows Server 2008 R2 [desktop apps | UWP apps]
Header                    webservices.h