[Version 5.0.2 and later]Transport level security

Transport level security is based on Secure Sockets Layer (SSL) or Transport Layer Security (TLS) that runs beneath HTTP.

Transport level security can be used to secure Web services messages. It is orthogonal to the security support provided by WS-Security or HTTP Basic Authentication.

SSL and TLS provide security features including authentication, data protection, and cryptographic token support for secure HTTP connections. To run with HTTPS, the service endpoint address must be in the form https://.

The integrity and confidentiality of transport data, including SOAP messages and HTTP basic authentication, is confirmed when you use SSL and TLS. See Secure Sockets Layer for more information. Web services applications can also use Federal Information Processing Standard (FIPS) approved ciphers for more secure TLS connections.

WebSphere Application Server uses the Java Secure Sockets Extension (JSSE) package to support SSL and TLS.


Related concepts
Secure Sockets Layer
Related tasks
Securing Web services based on WS-Security
Configuring HTTP outbound transport level security
Configuring HTTP basic authentication
Related reference
HTTP SSL configuration collection



Searchable topic ID:   cwbs_clienttransport
Last updated: Jun 21, 2007 4:12:58 PM CDT    WebSphere Application Server Express, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.exp.doc/info/exp/ae/cwbs_clienttransport.html

Library | Support | Terms of Use | Feedback