Request sender

The security handler on the request sender side of the SOAP message enforces the security constraints, located in the ibm-webservicesclient-ext.xmi file, and bindings, located in the ibm-webservicesclient-bnd.xmi file. These constraints and bindings apply both to Java™ Platform, Enterprise Edition (Java EE) application clients or when Web services is acting as a client. The security handler acts on the security constraints before sending the SOAP message. For example, the security handler might digitally sign the message, encrypt the message, create a time stamp, or insert a security token.

Important: There is an important distinction between Version 5.x and Version 6 and later applications. The information in this article supports Version 5.x applications only that are used with WebSphere® Application Server Version 6.0.x and later. The information does not apply to Version 6 and later applications.
The security handler on the request sender side of the SOAP message enforces the security constraints, located in the ibm-webservicesclient-ext.xmi file, and the bindings, located in the ibm-webservicesclient-bnd.xmi file. These constraints and bindings apply both to Java Platform, Enterprise Edition (Java EE) application clients or when Web services is acting as a client. The security handler acts on the security constraints before sending the SOAP message. Request sender security constraints must match the security constraint requirements defined in the request receiver. For example, the security handler might digitally sign the message, encrypt the message, create a time stamp, or insert a security token. You can specify the following security requirements for the request sender and apply them to the SOAP message:
Integrity (digital signature)
You can select multiple parts of a message to sign digitally. The following list contains the integrity options:
  • Body
  • Time stamp
  • Security token
Confidentiality (encryption)
You can select multiple parts of a message to encrypt. The following list contains the confidentiality options:
  • Body content
  • Username token
Security token
You can insert only one token into the message. The following list contains the security token options:
  • Basic authentication, which requires both a user name and a password
  • Identity assertion, which requires a user name only
  • X.509 binary security token
  • Lightweight Third Party Authentication (LTPA) binary security token
  • Custom token , which is pluggable and supports custom-defined tokens in the SOAP message
Timestamp
You can have a time stamp to indicate the timeliness of the message.
  • Timestamp



Subtopics
Request sender binding collection
Related concepts
Response sender
Response receiver
Request receiver
Related tasks
Securing Web services for Version 5.x applications using XML encryption
Concept topic    

Terms of Use | Feedback

Last updated: Oct 20, 2010 9:57:58 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-base-dist&topic=cwbs_reqsend
File name: cwbs_reqsend.html