WebSphere WebSphere Application Server Express, Version 6.0.x Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Configuring secure transmission of SOAP messages using WS-Security

Configure service integration technologies for secure transmission of SOAP messages using tokens, keys, signatures and encryption in accordance with the Web Services Security (WS-Security) specification.

Before you begin

You can configure the service integration bus for secure transmission of SOAP messages using tokens, keys, signatures and encryption in accordance with the Web Services Security (WS-Security) 1.0 specification.

[Version 6.0.2]Alternatively, you can configure the bus in accordance with the previous WS-Security specification, WS-Security Draft 13 (also known as the Web Services Security Core Specification). However, use of WS-Security Draft 13 is deprecated in WebSphere Application Server Version 6, and you should only use it to enable inter-operation between applications running in WebSphere Application Server Version 5 and Version 6, or to allow continued use of an existing Web services client application that has been written to the WS-Security Draft 13 specification.

Why and when to perform this task

To protect a service integration bus-deployed Web service, you can apply the following types of WS-Security resource to the inbound or outbound ports that the service uses:

The configurations resource type specifies the level of security that you require (for example "The body must be signed"), and the bindings resource type provides the information that the run-time environment needs to implement the configuration (for example "To sign the body, use this key"),

When you associate a WS-Security resource with a port, you choose from a list of WS-Security resources that you have previously configured as described in the following topics:

Note: You can associate any binding with any configuration, so you must ensure that you choose a valid combination.

For an overview of how WS-Security is applied to service integration bus-deployed Web services, see Service integration technologies and WS-Security. For detailed information about how WS-Security is implemented in WebSphere Application Server, see Securing Web services for version 6.0.x applications based on WS-Security. For more information about the WS-Security standard, see the Web Services Security (WS-Security) 1.0 specification.

Related concepts
Service integration technologies and WS-Security
Related tasks
Securing Web services based on WS-Security 1.0
Securing Web services based on WS-Security Draft 13
Administering the SIBWS core resources

Task topic

Terms of Use | Feedback

Last updated: 2 Aug 2005
http://publib.boulder.ibm.com/infocenter/ws60help/index.jsp?topic=/com.ibm.websphere.pmc.express.doc\tasks\tjw_wss.html

© Copyright IBM Corporation 2004, 2005. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)