There are eight parts of Web services security that you must configure to secure your SOAP messages using either digital signature or encryption. Four of these parts involve the deployment descriptor extensions and four parts involve the bindings that correspond to the deployment descriptors.
For information on how to import your application, see Importing enterprise applications.
| Client | Server |
|---|---|
| 1. Request generator extensions | 2. Request consumer extensions |
| 3. Request generator bindings | 4. Request consumer bindings |
| 5. Response consumer extensions | 6. Response generator extensions |
| 7. Response consumer bindings | 8. Response generator bindings |
In Web services security for WebSphere Application Server Versions 6 and later, integrity refers to digital signature and confidentiality refers to encryption. Integrity reduces the risk of undetected data modification while the message is transmitted across a network. Confidentiality reduces the risk that someone who intercepts the message as it moves across the network can read it: the message is encrypted before it is sent and decrypted only when it is received by its target server. This article provides the steps needed to secure your Web services using either integrity or confidentiality.
In the generator bindings, you specify which message parts to sign (integrity) or encrypt (confidentiality) and which method is used. In the consumer bindings, you specify which message parts are required to be signed or encrypted. After the consumer verifies the digital signature or decrypts the message, it also checks that the required message parts are actually the ones that were signed or encrypted. If a digital signature or encryption is required for a part and that part is not signed or encrypted, the consumer rejects the message.
There are two different methods to specify what needs to be signed (integrity) or encrypted (confidentiality). You can use either keywords or an XPath expression to configure message parts, a nonce, or a time stamp. When you use keywords, you can specify only certain elements within a message. With an XPath expression, you can specify any part of the message.
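The consumer-side "required parts" check described above, as an added example that is not IBM's code: it assumes the signature itself has already been verified, maps each required part (a keyword or an XPath expression) to the element it names, and rejects the message when any required part is not referenced by the signature. The keyword map, the envelope and the Id values are constructed for this example; the namespaces are the WS-Security 1.0 ones.

```python
# Added example (not IBM's code): a consumer-side "required integrity" check.
# Rule from the text: if the consumer requires a message part to be signed and
# the signature does not cover it, the message is rejected. Cryptographic
# verification of the signature is assumed to have happened already.
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Keyword -> XPath: the two ways the text says a message part can be named (constructed map).
KEYWORDS = {
    "body": "./soap:Body",
    "timestamp": "./soap:Header/wsse:Security/wsu:Timestamp",
}

def signed_ids(env):
    """Return the wsu:Id values referenced by every ds:Reference in the Security header."""
    refs = env.findall("./soap:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference", NS)
    return {r.get("URI", "").lstrip("#") for r in refs}

def check_required_integrity(soap_xml, required_parts):
    """required_parts: keywords or XPath expressions the consumer requires to be signed.
    Returns (accepted, missing); missing lists the parts not covered by the signature."""
    env = ET.fromstring(soap_xml)
    covered = signed_ids(env)
    missing = []
    for part in required_parts:
        xpath = KEYWORDS.get(part, part)  # anything that is not a keyword is treated as XPath
        el = env.find(xpath, NS)
        wsu_id = el.get(f"{{{NS['wsu']}}}Id") if el is not None else None
        if wsu_id is None or wsu_id not in covered:
            missing.append(part)
    return (not missing, missing)

# Constructed envelope: the Body is signed, the Timestamp is present but not signed.
SAMPLE = f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{NS['wsse']}"
  xmlns:wsu="{NS['wsu']}" xmlns:ds="{NS['ds']}">
 <soap:Header><wsse:Security>
  <wsu:Timestamp wsu:Id="ts-1"><wsu:Created>2024-01-01T00:00:00Z</wsu:Created></wsu:Timestamp>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#body-1"/></ds:SignedInfo>
   <ds:SignatureValue>constructed</ds:SignatureValue></ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="body-1"><getQuote>IBM</getQuote></soap:Body>
</soap:Envelope>"""

if __name__ == "__main__":
    print(check_required_integrity(SAMPLE, ["body"]))               # (True, [])
    print(check_required_integrity(SAMPLE, ["body", "timestamp"]))  # (False, ['timestamp'])
```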