Web services policy set bindings

A set of bindings is a named object that is associated with a specific policy set and service resource that is attached to the policy set.

Bindings contain environment and platform specific information, like the following types of information:
  • Keys used for signature and encryption
  • Keystore information
  • Authentication information
  • Persistent information
Typically, bindings are specific to the application or the platform, and they are not shared.

There are two types of bindings, application specific bindings and general bindings.

Application specific binding

You can create application specific bindings only at a policy set attachment point. These bindings are specific to and defined by the characteristics of the policy. Application specific bindings are capable of providing configuration for advanced policy requirements, such as multiple signatures; however, these bindings are only reusable within an application. Furthermore, application specific bindings have limited reuse across policy sets.

When you create an application specific binding for a policy set attachment, the binding begins in a completely unconfigured state. You must add each policy, such as WS-Security or HTTP transport, that you want to override the default binding and fully configure the bindings for each policy that you have added. For WS-Security policy, some high level configuration attributes such as TokenConsumer, TokenGenerator, SigningInfo, or EncryptionInfo might be obtained from the default bindings if they are not configured in the application specific bindings.

For service providers, you can only create application specific bindings by selecting Assign Binding > New Application Specific Binding for service provider resources that have an attached policy set. See service providers policy sets and bindings collection. Similarly, for service clients, you can only create application specific bindings by selecting Assign Binding > New Application Specific Binding for service client resources that have an attached policy set. See service client policy set and bindings collection.

General bindings

General bindings can be configured to be used across a range of policy sets and can be reused across applications and for trust service attachments. Although general bindings are highly reusable, they do not provide configuration for advanced policy requirements, such as multiple signatures. There are two types of general bindings:

  • General provider policy set bindings
  • General client policy set bindings

You can create general policy set bindings by copying an existing binding or by creating a new one. For WS-Security bindings, copy an existing sample binding. Creating a new policy set binding from scratch for WS-Security can cause unexpected problems at run time.

To create general provider policy set bindings, in the administrative console, select Services > Policy sets > General provider policy set bindings > New or Copy. To create general client policy set bindings, select Services > Policy sets > General client policy set bindings > New or Copy.

For more information, see Defining and managing service client or provider bindings. General provider policy set bindings can also be used for trust service attachments.

Avoid trouble: After you make a copy of the provider or client sample bindings, customize only the settings of your new copy to suit your purposes. Do not remove anything from your binding copy, such as token generators, token consumers, sign parts, or encrypt parts. You can add things to your binding copy if needed, but deleting information can cause unanticipated errors at run time.
Important:

The sample general bindings that are shipped with the product are provider and client sample. Do not use these sample bindings in their current state in a production environment. However, if they were modified to contain non-sample data, you can use these sample bindings in a production environment.

You cannot assign a binding to a service provider resource that does not have a policy set or has an inherited attachment. To assign a binding to such a service provider resource, you must first attach a policy set to the resource. Also, you cannot assign a binding to a service client resource that does not have an effective policy configuration or has an inherited policy attachment. To assign a binding to such a service client resource, you must first attach a policy set or specify the use of the provider policy.