Response receiver

The response receiver defines the security requirements of the response received from a request to a Web service. The security constraints for response sender must match the security requirements of the response receiver. If the constraints do not match, the response is not accepted by the caller or the sender.

Important: There is an important distinction between Version 5.x and Version 6.0.x and later applications. The information in this article supports Version 5.x applications only that are used with WebSphere Application Server Version 6.0.x and later. The information does not apply to Version 6.0.x and later applications.

The security handler enforces the security constraints based on the security requirements defined in the IBM extension deployment descriptor, located in the ibm-webservicesclient-ext.xmi file and in the bindings, located in the ibm-webservicessclient-bnd.xmi file.

For example, the security requirement might have the response SOAP body encrypted. If the SOAP body of the SOAP message is not encrypted, the response is rejected and the appropriate fault code is communicated back to the caller of the Web services.

You can specify the following security requirements for a response receiver:
Required integrity (digital signature)
You can select which parts of a message are digitally signed. The following list contains the integrity options:
  • Body
  • Time stamp
Required confidentiality (encryption)
You can encrypt the body content of the message.
Received time stamp
You can have a time stamp for checking the timeliness of the message.



Subtopics
Response receiver binding collection
Related concepts
Request sender
Response sender
Request receiver
Related tasks
Securing Web services for Version 5.x applications using XML encryption
Concept topic    

Terms of Use | Feedback

Last updated: Aug 29, 2010 8:25:23 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=vela&product=was-nd-zos&topic=cwbs_resprec
File name: cwbs_resprec.html