The Web services security specification defines core facilities for protecting the integrity and confidentiality of a message, and provides mechanisms for associating security-related claims with a message.WS-Security
In WebSphere® Application Server Version 7, there are many security enhancements for Web services. The enhancements include supporting sections of the Web Services Security (WS-Security) specifications and providing architectural support for plugging in and extending the capabilities of security tokens.
To secure Web services for WebSphere Application Server, you must specify several different configurations. Although there is not a specific sequence in which you must specify these different configurations, some configurations reference other configurations.
Use this page to configure the settings for nonce on the server level and to manage the default bindings for the signing information, encryption information, key information, token generators, token consumers, key locators, collection certificate store, trust anchors, trusted ID evaluators, algorithm mappings, and login mappings.
OASIS Web Services Security (WS-Security) is a flexible standard that is designed to secure Web services within a wide variety of security models. You can secure SOAP messages through XML digital signature, confidentiality through XML encryption, and credential propagation through security tokens. Web services implements security using technology that includes transport-level Secure Sockets Layer (SSL).