Advanced Configuration
See Also
The Advanced Configuration section of the Web Service Attributes editor
is part of the security features provided by the
Web Services Interoperability Technology (WSIT).
When you expand the Advanced Configuration section, you find the following
subsections:
- Maximum Time Freshness (ms). The period (in milliseconds) during which a
Timestamp is considered fresh. This option can be used to help Web services
thwart replay attacks. When this option is configured, the Web service
rejects any token that has a timestamp that indicates that it is older
than the time period specified.
- Maximum Skew (ms). This parameter is the difference (in milliseconds)
between the local times of any two systems, in this case, the client andWeb
service. This parameter helps prevent intruders from resetting their system
clocks in order to continue to use expired tokens. Using this option you can
configure the Web service to reject responses from any client whose clock
is different from the Web service’s clock by an amount that exceeds the
maximum clock skew. The default value for maximum clock skew is 300
seconds (five minutes).
- Maximum Nonce Age (ms). The length of time (in milliseconds) a previously
received nonce value will be stored. A nonce is a unique integer that is
included in a token. This parameter helps prevent replay attacks. If the
nonce value matches any stored nonce value, the nonce is an error. If the
Created value is older than the current local time minus Maximum Nonce
Age minus Maximum Clock Skew, it is an error. If there is no error, the
Nonce and Created values from the message are stored.
- Maximum Secure Conversation Token Age (ms).
Legal Notices