[Version 5.0.2 and later]Enabling Web Services Security (WS-Security) for the gateway

You can configure the gateway for secure transmission of SOAP messages using tokens, keys, signatures and encryption in accordance with the Web Services Security (WS-Security) draft recommendation.

Why and when to perform this task

For more information on how WS-Security is implemented in WebSphere Application Server Network Deployment, see Securing Web services. For more information on the approach taken by the gateway to implementing this emerging standard, see The Web services gateway and WS-Security.

The gateway sits between the service requester (the client) and the target Web service. You configure the gateway to act as the target service from the point of view of the client, and as the client from the point of view of the target service. You therefore need to get, from the owning parties, the WS-Security configurations for both the client and the Web service. This information is found in the following files on the owners systems:

If the client is hosted on WebSphere Application Server, and the Web service security settings are created using IBM Web services tooling (for example WebSphere Studio Application Developer), then the files that contain the security settings and binding information have the exact file names (*.xmi) noted previously. For clients and Web services from other vendors, these files have different file names.

You need to copy the key store and certificate store files to the gateway file system, and to enter and configure for the gateway the security settings that are contained in the .xmi files. The security settings are entered and configured manually using the gateway administrative user interface. There are tools available (for example WebSphere Studio Application Developer) that can parse the .xmi files for you.

You use the Gateway > Security option to configure the security bindings (the tokens, keys, signatures and encryption methods) that are available to the gateway, as described in Configuring the gateway security bindings. You then configure the level of security that applies at each stage of the transmission (and note that different levels of security, including no security, can be applied at each stage):

For information on how to configure the security levels, see the following topics:


Related tasks
Securing the Web services gateway
Enabling basic authentication and authorization for the gateway
Invoking Web services over HTTPS
Enabling proxy authentication for the gateway[Version 5.0.2 and later]
Troubleshooting the Web services gateway
Securing Web services based on WS-Security[Version 5.0.2 and later]



Searchable topic ID:   twsg_security_wss
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/twsg_security_wss.html

Library | Support | Terms of Use | Feedback