[Version 5.0.2 and later] Web services: default bindings for the Web services security collection

Use this page to configure the settings for nonce on the server level and to manage the default bindings for trust anchors, the collection certificate store, key locators, trusted ID evaluators, and login mappings.

To view this administrative console page, click Servers > Application Servers > server_name. Under Additional Properties, click Web Services: Default bindings for Web Services Security.

Read the Web services documentation before you begin defining the default bindings for Web services security.

To define the server bindings, complete the following steps:

  1. Click Applications > Enterprise Applications > application_name.
  2. Under Related Items, click Web Modules > URI_file_name > Web Services: Server Security Bindings.

To define the client bindings, complete the following steps:

  1. Click Applications > Enterprise Applications > application_name.
  2. Under Related Items, click Web Modules > URI_file_name > Web Services: Client Security Bindings.

The default binding configuration provides a central location where reusable binding information is defined. The application binding file can reference the information contained in the default binding configuration.

Trust Anchors   [Version 5.0.2 and later]
Specifies a list of keystore objects that contain the trusted root certificates, self-signed or issued by a certificate authority (CA).

The certificate authority authenticates a user and issues a certificate. After the certificate is issued, the keystore objects that contain these certificates are used for certificate path (certificate chain) validation of incoming X.509-formatted security tokens.

Collection Certificate Store   [Version 5.0.2 and later]
Specifies a list of the untrusted, intermediate certificate files.

The collection certificate store contains a chain of untrusted, intermediate certificates. The CertPath API attempts to validate these certificates based on the trust anchor.
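
The path validation described for trust anchors and the collection certificate store, sketched with the standard java.security.cert (CertPath) classes. This is an added example, not IBM's code or part of the product; the class name BindingPathCheck, the four file arguments, and a current JDK are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// args[0] = trust-anchor keystore (JVM default keystore type), args[1] = its password,
// args[2] = file holding the untrusted intermediate certificates (PEM or DER),
// args[3] = the certificate taken from the incoming X.509 security token.
public class BindingPathCheck {

    static Collection<? extends Certificate> readCerts(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return CertificateFactory.getInstance("X.509").generateCertificates(in);
        }
    }

    static PKIXCertPathBuilderResult build(KeyStore anchors,
            Collection<? extends Certificate> intermediates,
            X509Certificate tokenCert) throws Exception {
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(tokenCert);           // the path must end at this certificate
        // Only trusted-certificate entries in the keystore become trust anchors.
        PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
        List<Certificate> pool = new ArrayList<>(intermediates);
        pool.add(tokenCert);
        // Intermediates are candidates for the chain; they carry no trust of their own.
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(pool)));
        params.setRevocationEnabled(false);         // assumption: no CRL/OCSP source in this sketch
        return (PKIXCertPathBuilderResult)
                CertPathBuilder.getInstance("PKIX").build(params);
    }

    public static void main(String[] args) throws Exception {
        KeyStore anchors = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            anchors.load(in, args[1].toCharArray());
        }
        X509Certificate token = (X509Certificate) readCerts(args[3]).iterator().next();
        try {
            PKIXCertPathBuilderResult r = build(anchors, readCerts(args[2]), token);
            System.out.println("Trusted via anchor: "
                    + r.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
        } catch (CertPathBuilderException e) {
            System.out.println("Rejected, no path to a trust anchor: " + e.getMessage());
        }
    }
}
```

A token certificate is accepted only when a chain can be built from it, through the intermediates, to a certificate in the trust-anchor keystore; placing a certificate in the intermediate file alone never makes it trusted.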

Key Locators   [Version 5.0.2 and later]
Specifies a list of key locator objects that retrieve the keys for digital signature and encryption from a keystore file or a repository. The key locator maps a name or logical name to an alias or maps an authenticated identity to a key. This logical name is used to locate a key in a key locator implementation.

Trusted ID Evaluators   [Version 5.0.2 and later]
Specifies a list of trusted ID evaluators that determine whether to trust the identity-asserting authority or the message sender.

The trusted ID evaluators are used to authenticate additional identities from one server to another server. For example, a client sends the identity of user A to server 1 for authentication. Server 1 calls downstream to server 2, asserts the identity of user A, and includes the user ID and password of server 1. Server 2 attempts to establish trust with server 1 by authenticating its user ID and password and checking the trust based on the TrustedIDEvaluator implementation. If the authentication process and the trust check are successful, server 2 trusts that server 1 authenticated user A and a credential is created for user A on server 2 to invoke the request.

Login Mappings   [Version 5.0.2 and later]
Specifies a list of configurations for validating tokens within incoming messages.

Login mappings map the authentication method to the Java Authentication and Authorization Service (JAAS) configuration.

To configure JAAS, use the administrative console and click Security > JAAS Configuration.


Related tasks
Securing Web services based on WS-Security
Related reference
Trust anchors collection
Collection certificate store collection
Key locator collection
Trusted ID evaluator collection
Login mappings collection
Login mapping configuration settings



Searchable topic ID:   uwbs_websvcb
Last updated: Jun 21, 2007 8:07:48 PM CDT    WebSphere Business Integration Server Foundation, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.wasee.doc/info/ee/ae/uwbs_websvcb.html
