要用安全信任服务在客户端上配置SSL通信,请完成以下步骤。
To configure SSL communication on the client with the security trust service, complete the following steps.
客户端配置为信任服务密钥或令牌,而服务配置为信任客户端密钥或令牌。
The client is configured to trust the service keys or tokens and the service is configured to trust the client keys or tokens.
请使用tcpmon工具来捕获并验证客户端、提供者和信任服务之间的通信。
Use the tcpmon tool to capture and verify communications between the client, provider and trust service.
要解决这个问题,我们需要在Xforms的 “信任服务器”列表中添加服务器。
To solve that problem, you need to add the server to the list of "trusted servers" with regard to XForms.
提供者服务会将ES b视为受信任用户,所有请求都使用ESB的标识或esb上已知的受信任服务的标识发出。
Provider services still regard the ESB as a trusted user and all requests are made under the identity of the ESB or of a known trusted service on the ESB.
当我提出关于信任服务器性能方面的担心时,该测试人员的回答是“我不负责测试性能,那是由性能团队负责的”。
When I raised my concern about the impact of the trust server, the tester's reply was "I don't test performance, the performance team does that."
客户端还有第二组策略集和绑定,用于配置TivoliFederatedIdentityManager信任服务的消息级安全性。
It also has a second set of policy set and bindings for configuring message-level security to the Tivoli Federated Identity Manager trust service.
要创建和配置信任服务链,请在TivoliFederatedIdentityManager的管理控制台中完成下面的步骤
To create and configure trust service chains, complete the following steps from the administrative console of the Tivoli Federated Identity Manager
本文展示了客户端和提供者所需的策略集和绑定,以及发放SAML令牌所需的TivoliFederatedIdentityManager信任服务链配置。
The article presents the policy sets and bindings required for the client and provider, as well as the Tivoli Federated Identity Manager trust service chain configuration needed to issue a SAML token.
生产支持人员很快就会信任你的资产和服务,并要求多个项目都利用这个功能。
Production support will soon learn to trust your assets, your services, and will demand that multiple projects leverage the capability.
通过在eu和na之间添加显式的域间信任,从欧洲请求服务票证的操作仅需要两次跳转。
By adding an explicit inter-domain trust between EU and NA, service ticket requests from Europe only require two hops.
在此模型中,提供者服务信任esb,但要求提供最终的标识,因此需要ESB断言最终用户的标识。
In this model provider services trust the ESB but need the identity of the end user and therefore require the ESB to assert the identity of the end user.
“我向你们保证,我们必然会经历[失误],”他说。这段谈话会强迫人们重新考虑对于云服务的信任,重要的数据保存在上面是否安全。
"I guarantee you, there will be [a failure] in due course," he said, one that will force a recalibration of the faith people put cloud services for critical data preservation.
目标服务器必须将发送服务器列入到受信任的服务器列表中。
The target server has to list the sending server on the trusted servers list.
对于这种信任,客户机必须信任签署服务器证书的CA。
For this trust, a client must trust the ca which signed the server certificates.
目标服务器接收请求,检索gss令牌,提取服务器标识,对其进行身份验证,并与受信任的服务器标识列表进行比较。
The target server receives the request, retrieves the GSS token, extracts the server identity, authenticates it, and compares it to the list of trusted servers' identities.
目标服务器必须将发送服务器列入到受信任的服务器列表中。
The target server must list the sending server on the trusted servers list.
由此可见,建立信任的关键是服务的品牌和信息而不是特色。
Thus, the key part of the trust equation is not features, but branding and messaging about the service and who USES it.
要避免因为信任发送服务器而带来的相关风险,这种断言过程中引入了服务器验证。
To avoid the risks related to trusting the sending server, server validation is introduced into the assertion process.
在进行了身份验证之后,通过将发送服务器的标识与预配置的受信任的服务器标识列表进行对比,就可以完成这项检查工作。
It does the check by simply comparing the sending server's identity, after authentication, to a pre-configured list of trusted server's identities.
将信任文件名设置为服务器SSL 信任文件的文件系统中的完整路径;
Set the trust file name to the full path in the file system of your server SSL trust file; for example /serverssltrusts.
应用服务器必须信任Web服务器已经正确地完成证书身份验证。
The application server must trust that the Web server has done proper certificate authentication.
将信任文件名设置为服务器SSL 信任文件的文件系统中的完整路径;例如,/clientssltrusts.jceks,其中 为密钥文件的位置。
Set the trust file name to the full path in the file system of your server SSL trust file; for example, /clientssltrusts.jceks, where is the location of your key file.
将发送服务器的服务器 ID添加到受信任的服务器字段,在我们的示例中:cn=wasserver1,dc=demo, dc=ibm, dc=net。
Add the sending server's server ID to the Trusted servers field; in our example: cn=wasserver1,dc=demo,dc=ibm,dc=net.
现在,您的应用服务器密钥和信任文件的所有证书都已处于正确的位置。
All the certificates are now in the right places for your application server key and trust files.
如果我们限制服务器上受信任的签署者,我们就连谁能完成SSL握手都可以限制。
If we limit the signers we trust on the server, we can limit who can even complete that SSL handshake.
入站映射主要依赖于发送和目标服务器之间的信任关系。
Inbound mapping heavily relies on the trust between the sending and the target servers.
在进化中,信任很好的服务于人类因为它增加了脆弱群体生存的机会。
In evolution, trust served humans well because it increased the chances that vulnerable infants would survive.
为了避免对安全漏洞的攻击,使用这些受信任方法的应用服务器不应该使用不受信任的连接方法。
To avoid vulnerability to security breaches, an application server that USES these trusted methods should not use un-trusted connection methods.
目标服务器接收请求,检索gss令牌,提取服务器标识,并与受信任的服务器标识列表进行比较。
The target server receives the request, retrieves the GSS token, extracts the server identity and compares it to the list of trusted server identities.
应用推荐