Important distinction between Version 5.x and Version 6.0.x applications
Note: The
information in this article supports version 5.x
applications only that are used with WebSphere Application Server Version
6. The information does not apply to version 6.0.x applications.
The response sender defines the security requirements of the Simple Object
Access Protocol (SOAP) response message. The security handler acts on the
security constraints defined for the response in the IBM extension deployment
descriptors, located in the
ibm-webservices-ext.xmi file and the
bindings, located in the
ibm-webservices-bnd.xmi file. The security
handler signs, encrypts, or generates the time stamp for the SOAP response
message before the response is send to the caller.
- Integrity constraints (digital signature)
- You can select which parts of the message are digitally signed.
- Confidentiality (encryption)
- You can encrypt the body content of the message.
- Time stamp
- You can have a time stamp for checking the timeliness of the message.
The security constraints that apply to the SOAP response message must match
the security requirements defined in the response receiver. Otherwise, the
response is rejected by the response receiver (caller).