Service integration technologies provides a range of facilities for secure communication between the service requester and the service integration bus, and between the bus and the target service.
By default, bus-enabled web services are available when WebSphere® Application Server security is enabled and your service integration buses are secured. However this level of security does not impose any restrictions on the users of individual web services. To control how your web services are used by each group of your colleagues or customers, you can further configure your web services to work with password-protected components and servers, with WS-Security and with HTTPS. To do this, see the following topics:
To override the default configuration through which the bus-enabled web services component accesses a secure service integration bus, you configure an authentication alias that the service integration resource adapter uses to access the bus.
Configure service integration technologies for secure transmission of SOAP messages by using tokens, keys, signatures and encryption in accordance with the Web Services Security (WS-Security) specification.
Configure user ID and password authentication and authorization for inbound services, and for individual operations within a web service. Invoke password-protected outbound services, and access password-protected proxy servers.
Use Secure Sockets Layers (SSL) to allow the service integration bus to invoke external web services that include https:// in their addresses.