The WSSecurity default policy sets are based on the Web Services
Security (WS-Security) 1.0 and Web Services Addressing (WS-Addressing) specifications.
The WSSecurity default policy sets include the WSSecurity default policy set,
the Lightweight Third-Party Authentication (LTPA) WSSecurity policy set, and
the Username WSSecurity policy set. Use the WSSecurity default policy sets
to build secure Web services.
The WSSecurity default policy sets use the WS-Security 1.0 specification
enhancements to SOAP messaging to provide quality of protection through message
integrity, message confidentiality, and single message authentication. Providing
quality of protection means to prevent the following potential threats to
SOAP messages:
- The message being modified or read by antagonists
- An antagonist sending messages to a service that are formed correctly,
but lack the appropriate security claims to be processed
The WSSecurity default policy sets provide message protection by using
WS-Security to digitally sign the WS-Addressing headers, the time stamp and
the body. This policy set also encrypts the signature and the body. RSA public
key cryptography is used for the signature and for encryption operations.
The WS-Addressing specification defines XML 1.0 and XML Namespaces elements
to identify Web services endpoints and to secure end-to-end endpoint identification
in messages.
Use the WSSecurity default policy set, the LTPA WSSecurity policy set,
or the Username WSSecurity policy set as provided with the application server.
To customize the policy sets, you must first copy the policy set, and then
configure custom policy settings and bindings to meet your needs.
The following WSSecurity default policy sets exist:
- WSSecurity default
  - This policy set provides:
    - Message integrity through digital signature (using RSA public-key cryptography)
      to sign the body, time stamp, and WS-Addressing headers using WS-Security
      specifications.
    - Message confidentiality through encryption (using RSA public-key cryptography)
      to encrypt the body and signature elements using WS-Security specifications.
- LTPA WSSecurity default
  - This policy set provides the WSSecurity default policy set and adds a Lightweight
    Third-Party Authentication (LTPA) token included in the request message to
    authenticate the client to the service.
- Username WSSecurity default
  - This policy set provides the WSSecurity default policy set and adds a
    username token included in the request message to authenticate the client
    to the service. The username token is encrypted in the request.
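The WSSecurity default policy set signs the WS-Addressing headers, the time stamp, and the body. The following added example (not part of this documentation or the application server's code) checks whether the ds:Reference elements in a SOAP request's WS-Security header cover all of those parts; it assumes the signature is inspected after any encryption of the Signature element has been removed, it uses a constructed sample envelope, and it checks reference coverage only, not the signature's cryptographic validity.

```python
# Added example: checks that the ds:Reference list in a WS-Security header covers
# the parts the WSSecurity default policy set signs (WS-Addressing headers,
# Timestamp, Body). Coverage only; the signature value itself is not verified.
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsa": "http://www.w3.org/2005/08/addressing",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed sample envelope (not a captured message); the wsu:Id values are illustrative.
SAMPLE = """<soap:Envelope xmlns:soap="{soap}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}"
  xmlns:ds="{ds}" xmlns:wsa="{wsa}">
 <soap:Header>
  <wsa:To wsu:Id="To-1">http://example.invalid/svc</wsa:To>
  <wsa:Action wsu:Id="Action-1">urn:example:op</wsa:Action>
  <wsse:Security>
   <wsu:Timestamp wsu:Id="TS-1"><wsu:Created>2024-01-01T00:00:00Z</wsu:Created></wsu:Timestamp>
   <ds:Signature><ds:SignedInfo>{refs}</ds:SignedInfo></ds:Signature>
  </wsse:Security>
 </soap:Header>
 <soap:Body wsu:Id="Body-1"><op/></soap:Body>
</soap:Envelope>"""

def build(signed):
    """Render the sample envelope with ds:Reference entries for the given wsu:Ids."""
    refs = "".join('<ds:Reference URI="#%s"/>' % i for i in signed)
    return SAMPLE.format(refs=refs, **NS)

def required_ids(root):
    """wsu:Ids the policy expects to be signed: Timestamp, WS-Addressing headers, Body."""
    parts = root.findall(".//wsse:Security/wsu:Timestamp", NS)
    wsa_prefix = "{%s}" % NS["wsa"]
    parts += [h for h in root.find("soap:Header", NS) if h.tag.startswith(wsa_prefix)]
    parts += root.findall("soap:Body", NS)
    return {p.get(WSU_ID) for p in parts}

def signed_ids(root):
    """Ids named by ds:Reference URI="#id" entries under the security header's signature."""
    refs = root.findall(".//wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference", NS)
    return {r.get("URI").lstrip("#") for r in refs}

def unsigned_parts(xml_text):
    """Required parts the signature does not cover; an empty set means the request complies."""
    root = ET.fromstring(xml_text)
    return required_ids(root) - signed_ids(root)
```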