The privacy and integrity of data that is accessed when WebSphere® Process Server processes are invoked is critical to your security.
Data privacy and data integrity are closely related concepts. For a more detailed discussion, refer to the WebSphere Application Server Network Deployment information center.
Privacy
Privacy means that it should not be possible for an unauthorized user to intercept and read data.
Integrity
Integrity means that it should not be possible for an unauthorized user to alter data.
Solutions provided in WebSphere Process Server
WebSphere Process Server supports two widely used solutions for data privacy and integrity:
- Secure Sockets Layer (SSL) protocol. SSL uses a handshake to authenticate
the end points and exchange information that is used to generate the
session key that will be used by the end points for encryption and
decryption. SSL is a synchronous protocol and is suitable for point-to-point
communication. SSL requires that the two end points maintain a connection
with each other for the duration of the SSL session.
- WS-Security. This standard defines Simple Object Access Protocol
(SOAP) extensions for securing SOAP messages. WS-Security adds support
for authentication, integrity, and privacy for a single SOAP message.
Unlike SSL, there is no handshake to establish a session key. This
makes WS-Security suitable for securing messages in an asynchronous
environment, such as SOAP over Java™ Message
Service (JMS) or SOAP over Service Integration Bus (SIB). WS-Security
deployment descriptors can be set in your applications before deployment. See related information for more details.
In a business integration environment with multiple systems interacting
with one another, it is likely that some of the communication will
be asynchronous. Therefore, in most instances, WS-Security is the
superior solution.
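Because WS-Security protection travels with each SOAP message rather than with a connection, a consumer at the end of a JMS or SIB hop can check every envelope for it. The following is an added example, not code from the product documentation: it assumes SOAP 1.1 envelopes, the function name `audit_envelope` is hypothetical, and the three sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
ENCRYPTED_DATA = "{%s}EncryptedData" % NS["xenc"]


def audit_envelope(xml_text):
    """Report which message-level protections a SOAP envelope declares.

    Structural check only: it does not verify the signature or decrypt anything.
    """
    root = ET.fromstring(xml_text)
    body = root.find("soap:Body", NS)
    security = root.find("soap:Header/wsse:Security", NS)
    result = {"has_security_header": security is not None,
              "body_signed": False, "body_encrypted": False}
    if body is None or security is None:
        return result
    # Integrity: some ds:Reference in the Security header must point at the Body's wsu:Id.
    body_id = body.get(WSU_ID)
    refs = {r.get("URI") for r in
            security.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)}
    result["body_signed"] = body_id is not None and "#" + body_id in refs
    # Privacy: the Body's content has been replaced by xenc:EncryptedData.
    children = list(body)
    result["body_encrypted"] = bool(children) and all(c.tag == ENCRYPTED_DATA for c in children)
    return result


# Constructed sample envelopes (hypothetical content, no real key material).
_ENV = ('<soap:Envelope xmlns:soap="{soap}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}" '
        'xmlns:ds="{ds}" xmlns:xenc="{xenc}"><soap:Header>%s</soap:Header>'
        '<soap:Body%s>%s</soap:Body></soap:Envelope>').format(**NS)
_SIG = ('<wsse:Security><ds:Signature><ds:SignedInfo><ds:Reference URI="%s"/>'
        '</ds:SignedInfo></ds:Signature></wsse:Security>')
PROTECTED = _ENV % (_SIG % "#body-1", ' wsu:Id="body-1"', "<xenc:EncryptedData/>")
# A signature is present but covers another element, so the Body has no integrity protection.
UNCOVERED = _ENV % (_SIG % "#ts-1", ' wsu:Id="body-1"', "<order>42</order>")
PLAIN = _ENV % ("", "", "<order>42</order>")

if __name__ == "__main__":
    for name, env in (("PROTECTED", PROTECTED), ("UNCOVERED", UNCOVERED), ("PLAIN", PLAIN)):
        print(name, audit_envelope(env))
```

A message that passes this structural check still needs full signature verification and decryption by the WS-Security runtime; the check only flags envelopes that arrive with no message-level protection over the Body.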