Protect the integrity and confidentiality of a message and associate security-related claims with the message.
Web services security standards and profiles describe how to provide security and protection for SOAP messages that are exchanged in a Web services environment.
You can configure name-value pairs of data, where the name is a property key and the value is a string value that you can use to set internal system configuration properties. Defining a new property enables you to configure a setting beyond that which is available through options in the administrative console.
The Web services security specification defines core facilities for protecting the integrity and confidentiality of a message, and provides mechanisms for associating security-related claims with a message.WS-Security
Web services security standards and profiles address how to provide message-level protection for messages that are exchanged in a Web service environment.
Standards and profiles address how to provide protection for messages that are exchanged in a Web service environment.
You can use the product Security Assertion Markup Language (SAML) function to apply a default policy to use SAML assertions in Web services messages and in Web services usage scenarios.
You can use the generic security token login modules to issue, validate, and exchange security tokens using an external Security Token Service (STS).
You can enable Web Services Security by using cryptographic hardware devices for both Web service clients and Web service providers that are running in the WebSphere® Application Server environment. A cryptographic token is a hardware or software device with a built-in keystore implementation. Cryptographic devices are used to manage certificates stored on the cryptographic tokens. These devices are also called smartcards. You enable hardware cryptographic devices for Web service security by either using keys that are stored in hardware devices or by using keys stored in a Java™ keystore file.
Web services security for WebSphere Application Server is based on standards included in the Web Services Security (WS-Security) specification. These standards address how to provide protection for messages exchanged in a Web service environment.