This will not be a long post. I won’t describe ws-security policy and its usage, as you can find many sources that already do – like this blog post by Ross Lodge.

When creating a client for a Web Service that has security requirements specified in a ws-security policy document, you may need to know the default values for the various algorithms, so that you don’t have to search blindly for a combination that works. It’s basic information, but only one blog that I came across mentions it, and it’s buried deep in the article. I overlooked it when I was searching for default algorithms myself (I don’t know why I didn’t check the spec in the first place :)). So this post is meant to be short and focused, and to expose this one piece of information.

Algorithm names for a given algorithm suite are described in the WS-Security Policy specification. Let’s discuss an example – a web service is secured using an X509v3 Token with Basic256 and the Symmetric Key Wrap algorithm. To find out the algorithm names that the client must use, go to the table at the end of chapter 6.1 and look at the row for algorithm suite Basic256:

Algorithm Suite  [Dig]  [Enc]   [Sym KW]  [Asym KW]  [Enc KD]   [Sig KD]   [Min SKL]
Basic256         Sha1   Aes256  KwAes256  KwRsaOaep  PSha1L256  PSha1L192  256

Acronyms for algorithms are explained above the table:
Digital signature – Sha1 (
Xml Encryption – Aes256 (
Symmetric Key wrap – KwAes256 (
Minimum symmetric key length – 256 bits
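
The lookup described above can be automated. The following is an added example, not code from the original post: it reads the algorithm suite out of a policy document and resolves it to the names a client must use. The sample policy is constructed, the WS-SecurityPolicy 1.2 namespace is assumed, and the function and variable names are hypothetical.

```python
import xml.etree.ElementTree as ET

SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"  # assumed: WS-SecurityPolicy 1.2
COLUMNS = ("Dig", "Enc", "Sym KW", "Asym KW", "Enc KD", "Sig KD", "Min SKL")
# Row copied from the table in this post; add other rows from chapter 6.1 as needed.
SUITES = {"Basic256": ("Sha1", "Aes256", "KwAes256", "KwRsaOaep",
                       "PSha1L256", "PSha1L192", 256)}
# Algorithm URIs defined by W3C XML-Signature and XML-Encryption.
URIS = {
    "Sha1": "http://www.w3.org/2000/09/xmldsig#sha1",
    "Aes256": "http://www.w3.org/2001/04/xmlenc#aes256-cbc",
    "KwAes256": "http://www.w3.org/2001/04/xmlenc#kw-aes256",
    "KwRsaOaep": "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p",
}

# Constructed sample policy, not taken from a real service.
SAMPLE = """<wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <sp:SymmetricBinding><wsp:Policy>
    <sp:AlgorithmSuite><wsp:Policy>
      <sp:Basic256/><sp:InclusiveC14N/>
    </wsp:Policy></sp:AlgorithmSuite>
  </wsp:Policy></sp:SymmetricBinding>
</wsp:Policy>"""

def client_algorithms(policy_xml):
    """Return (suite, {column: (acronym, uri_or_None)}) for the policy's suite."""
    # For policies fetched from untrusted hosts, parse with defusedxml instead.
    root = ET.fromstring(policy_xml)
    found = set()
    for suite in root.iter("{%s}AlgorithmSuite" % SP):
        for el in suite.iter():
            ns, _, local = el.tag.lstrip("{").partition("}")
            # Options such as sp:InclusiveC14N sit beside the suite name; skip them.
            if ns == SP and local in SUITES:
                found.add(local)
    if not found:
        raise ValueError("no known algorithm suite in policy")
    if len(found) > 1:
        # Policy alternatives naming different suites need a human decision.
        raise ValueError("policy names several suites: %s" % sorted(found))
    name = found.pop()
    return name, {c: (v, URIS.get(v)) for c, v in zip(COLUMNS, SUITES[name])}

if __name__ == "__main__":
    suite, algs = client_algorithms(SAMPLE)
    for column, (acronym, uri) in algs.items():
        print("%-8s [%s] %s %s" % (suite, column, acronym, uri or ""))
```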