[jun2010]

Time stamp

A time stamp is the value of an object that indicates the system time at some critical point in the history of the object.

A time stamp is included in a message to reduce the vulnerability of an application to replay attacks. In Web services, a replay attack occurs when an HTTP request is intercepted and the content is resent to the provider in its original form.

Avoid trouble: When you include a time stamp in a message, you must protect its integrity using transport security, such as secure sockets layer (SSL) or message-level security, such as XML digital signature. If you do not protect the integrity of the time stamp, it is possible to capture the message and retransmit the content with a different time stamp, message expiration date, or both.gotcha

For both the JAX-RPC and JAX-WS WS-Security run times, 5 minutes is the default message expiration time that is used for the receiver if a value is not specified in the message. If a different expiration is required for a specific client or you are unsure of the target service default value, configure a message expiration time value for the outbound time stamp.

Supported configurations: sptcfg



Related concepts
Web services security enhancements
Related tasks
Configuring the WS-Security policy
Related reference
Message expiration settings
Default bindings and runtime properties for Web services security
Security considerations for Web services
Concept topic    

Terms of Use | Feedback

Last updated: Oct 22, 2010 12:21:29 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-nd-zos&topic=cwbs_timestamp
File name: cwbs_timestamp.html


[jun2010]
jun2010