[Version 6 only] WebSphere Application Server - Express, Version 6.0.x
Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Security considerations for Web services

In WebSphere Application Server Version 6.0.x, enabling integrity, confidentiality, and the associated tokens within a Simple Object Access Protocol (SOAP) message does not guarantee security. When you configure Web services security, you must make every effort to verify that the result is not vulnerable to a wide range of attack mechanisms. This article describes some of the security concerns that arise when you secure Web services. The list of security concerns is not complete; you must conduct your own security analysis for your environment.

Securing Web services involves more work than just enabling XML digital signature and XML encryption. To properly secure a Web service, you must understand Public Key Infrastructure (PKI). The amount of security that you need depends upon the deployed environment and the usage patterns. However, there are some basic rules and best practices for securing Web services. Reading some books on PKI and the information on the Web Services Interoperability Organization (WS-I) Basic Security Profile (BSP) is recommended.




Related tasks
Securing Web services for version 6.0.x applications based on WS-Security


Last updated: Jun 8, 2005 12:45:23 PM EDT
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/rwbs_secconsider6wssec.html

© Copyright IBM Corporation 2004, 2005. All Rights Reserved.