WebSphere Application Server supports the Organization for the Advancement of Structured Information Standards (OASIS) Web Services Security (WS-Security) specifications.
The following list shows the aspects of the OASIS: Web Services Security: SOAP Message Security 1.0 specification that are supported in WebSphere Application Server Versions 6 and later.
Supported topic | Specific aspect that is supported |
---|---|
Security header |
|
Security tokens |
|
Token references |
|
Signature algorithms |
|
Signature signed parts |
|
Encryption algorithms | Advanced Encryption Standard (AES) is designed to provide stronger encryption and better performance than Triple-DES (Data Encryption Standard) for symmetric key encryption. Therefore, it is recommended that you use AES, if possible, for symmetric key encryption. |
Encryption message parts |
|
Time stamp |
|
Error handling | SOAP faults |
IBM WebSphere Application Server Version 6.1 Feature Pack for Web Services. The following list shows the aspects of the OASIS: Web Services Security SOAP Message Security 1.1 specification that are supported in WebSphere Application Server. Items that were previously supported for Web Services Security: SOAP Message Security 1.0 are not listed but are still supported, unless noted otherwise.
Supported topic | Specific aspect that is supported |
---|---|
Security header |
|
Signature | Signature confirmation |
Signed parts | Header - specify QName to select header elements in the SOAP header of the SOAP message to be integrity protected |
Encryption | EncryptedHeader element |
Encrypted parts | Header - specify QName to select header elements in the SOAP header of the SOAP message to be confidentiality protected. This results in an EncryptedHeader element which contains the EncryptedData element. For Web Services Security Version 1.0 behavior, specify the com.ibm.ws.wssecurity.encryptedHeader.generate.WSS1.0 property with a value of true in the EncryptionInfo in the bindings. Specifying this property results in an EncryptedData element. |
Error handling | SOAP faults |
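
The two header-encryption forms described in the Encrypted parts row can be told apart on the wire, which helps when a partner system rejects an encrypted header. The following check is an added example, not IBM code; the function names, the constructed sample messages, and the placement of the Version 1.0 EncryptedData element as a direct child of the SOAP header are assumptions.

```python
import xml.etree.ElementTree as ET

# SOAP 1.1 and SOAP 1.2 (S12) envelope namespaces
SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",
           "http://www.w3.org/2003/05/soap-envelope")
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
XENC = "http://www.w3.org/2001/04/xmlenc#"

def classify_encrypted_headers(soap_xml):
    """Return one (style, EncryptedData Id) tuple per encrypted header block."""
    if "<!DOCTYPE" in soap_xml:
        # SOAP forbids DTDs; refuse before the parser sees entity definitions.
        raise ValueError("DTD found in SOAP message")
    root = ET.fromstring(soap_xml)
    header = None
    for ns in SOAP_NS:
        if root.tag == f"{{{ns}}}Envelope":
            header = root.find(f"{{{ns}}}Header")
    if header is None:
        return []
    found = []
    for block in header:
        if block.tag == f"{{{WSSE11}}}EncryptedHeader":
            # WSS 1.1 form: wrapper element that contains the EncryptedData
            data = block.find(f"{{{XENC}}}EncryptedData")
            found.append(("WSS1.1", data.get("Id")) if data is not None
                         else ("malformed", None))
        elif block.tag == f"{{{XENC}}}EncryptedData":
            # WSS 1.0 form: bare EncryptedData in place of the header block
            found.append(("WSS1.0", block.get("Id")))
    return found

def sample(wss10):
    """Constructed SOAP 1.2 message; ciphertext children are omitted."""
    data = f'<xenc:EncryptedData xmlns:xenc="{XENC}" Id="ed-1"/>'
    block = data if wss10 else (
        f'<w:EncryptedHeader xmlns:w="{WSSE11}">{data}</w:EncryptedHeader>')
    return (f'<S12:Envelope xmlns:S12="{SOAP_NS[1]}"><S12:Header>{block}'
            f'</S12:Header><S12:Body/></S12:Envelope>')

if __name__ == "__main__":
    for flag in (False, True):
        print(classify_encrypted_headers(sample(flag)))
```
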
The following list shows the aspects of the OASIS: Web Services Security Username Token Profile 1.0 specification that are supported in WebSphere Application Server.
Supported topic | Specific aspect that is supported |
---|---|
Password types | Text |
Token references | Direct reference |
The following list shows the aspects of the OASIS: Web Services Security Username Token Profile 1.1 specification that are supported in WebSphere Application Server. Items that were previously supported for Web Services Security UsernameToken Profile 1.0 are not listed but are still supported, unless noted otherwise.
Supported topic | Specific aspect that is supported |
---|---|
Password types | Text |
Token references | Direct reference |
The following list shows the aspects of the OASIS: Web Services Security X.509 Certificate Token Profile specification that are supported in WebSphere Application Server Versions 6 and later.
Supported topic | Specific aspect that is supported |
---|---|
Token types |
|
Token references |
|
The following list shows the aspects of the OASIS: Web Services Security X.509 Certificate Token Profile 1.1 specification that are supported in WebSphere Application Server. Items that were previously supported for Web Services Security X.509 Certificate Token Profile 1.0 are not listed but are still supported, unless noted otherwise.
Supported topic | Specific aspect that is supported |
---|---|
Token types | X.509 Version 1: Single certificate |
Token references | Key identifier – subject key identifier |
S12 is the namespace prefix of http://www.w3.org/2003/05/soap-envelope.
See SOAP Version 1.2 Message Normalization for information, such as the removal of an empty header or of a header entry with mustUnderstand=false, and so forth.