<wsu:Timestamp wsu:Id="...">
	<wsu:Created ValueType="...">...</wsu:Created>
	<wsu:Expires ValueType="...">...</wsu:Expires>
	...
</wsu:Timestamp>

A few points to note:

  • Time references must be in UTC time.
  • Time references are recommended to be in xsd:dateTime format; if any other format is used, it should be specified in the ValueType attribute.
  • The specification does not mention any mechanism for synchronizing the time between the sender and recipient. However, it specifies that this should be addressed.
  • The Timestamp element should be signed to prevent it from being forged.
  • Another sub-element that may be present in the Timestamp element is wsu:Received, which can be included by an intermediary.
  • Only one global timestamp element can be present in one security header.

The following is an actual Timestamp element extracted from a secured message.

<wsu:Timestamp wsu:Id="Timestamp-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
     <wsu:Created>2011-09-24T12:11:41.331Z</wsu:Created>
     <wsu:Expires>2011-09-24T12:16:41.331Z</wsu:Expires>
</wsu:Timestamp>
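
A recipient-side check of the points listed above, run against a header carrying the Timestamp just shown. This is an added example in Python, not code from Rampart or WSS4J. The 5-minute `max_skew`, the policy that Created and Expires must both be present, and the enclosing `wsse:Security` sample are assumptions, and signature verification is assumed to have happened before this check.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

# Constructed security header wrapping the Created/Expires values shown above.
SAMPLE = f"""<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
  <wsu:Timestamp wsu:Id="Timestamp-1">
    <wsu:Created>2011-09-24T12:11:41.331Z</wsu:Created>
    <wsu:Expires>2011-09-24T12:16:41.331Z</wsu:Expires>
  </wsu:Timestamp>
</wsse:Security>"""


def parse_utc(elem):
    """Parse an xsd:dateTime element; only the explicit 'Z' (UTC) form is accepted."""
    if elem.get("ValueType"):
        raise ValueError("ValueType declares a format this check does not parse")
    text = (elem.text or "").strip()
    if not text.endswith("Z"):
        raise ValueError(f"time reference is not UTC: {text!r}")
    return datetime.fromisoformat(text[:-1] + "+00:00")


def check_timestamp(header_xml, now, max_skew=timedelta(minutes=5)):
    """Return (created, expires) or raise ValueError.

    max_skew is an assumed clock tolerance; the specification defines none.
    """
    header = ET.fromstring(header_xml)
    stamps = header.findall(f"{{{WSU}}}Timestamp")
    if len(stamps) != 1:  # assumed policy: a Timestamp is required, and only one
        raise ValueError(f"expected one Timestamp, found {len(stamps)}")
    created_el = stamps[0].find(f"{{{WSU}}}Created")
    expires_el = stamps[0].find(f"{{{WSU}}}Expires")
    if created_el is None or expires_el is None:  # assumed policy: both required
        raise ValueError("Created and Expires are both required")
    created, expires = parse_utc(created_el), parse_utc(expires_el)
    if expires <= created:
        raise ValueError("Expires is not after Created")
    if created > now + max_skew:
        raise ValueError("Created is in the future")
    if now > expires + max_skew:
        raise ValueError("Timestamp has expired")
    return created, expires


if __name__ == "__main__":
    print(check_timestamp(SAMPLE, datetime(2011, 9, 24, 12, 13, tzinfo=timezone.utc)))
```

Passing `max_skew=timedelta(0)` gives the strict behaviour in which a message is rejected the moment `now` passes Expires.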

The sections in this topic are related to Timestamp as defined in the specification. The following sections discuss how it is being utilized and processed in an actual implementation by referring to Rampart and WSS4J.

Rampart and WSS4J

Rampart is the Axis2 module that introduces security processing handlers to the inflow and outflow of the Axis2 SOAP processing engine. Rampart internally utilizes WSS4J, which implements support for WS-Security.

The following are the Rampart configuration parameters that allow you to configure and control Timestamp handling in Rampart and WSS4J (applies to Rampart 1.6.2 or above).