Web Services Security standards and profiles describe how to provide security and protection for SOAP messages that are exchanged in a web services environment. JAX-WS simplifies the development of web services and clients and gives Java applications greater platform independence through the use of dynamic proxies and Java annotations.
Security auditing provides tracking and archiving of auditable events for the web services runtime operations. When security auditing is enabled for web services, the event generator utility collects and logs signing, encryption, security, authentication, and delegation events in audit event records. You can analyze the audit event records to identify possible security breaches or potential weaknesses in the security configuration of your environment.
Policy sets are assertions about how services are defined. They are used to simplify the quality-of-service configuration for web services.
WebSphere® Application Server provides message-level protection for its security token service, known as the WebSphere Application Server trust service. For the trust service, you must use a special class of policy sets known as system policy sets.
Use this topic to configure the Kerberos token for message-level Web Services Security.
Configure policy sets, bindings, and SAML-specific tokens to secure web services and messages.
WebSphere Application Server provides support for a set of default Web Services Security bindings for applications. A set of bindings is a named object that is associated with a specific policy set and service resource attached to the policy set.
General bindings are used as the default bindings at the cell level or server level, or for multiple domains, at the domain level. The general bindings that are included with WebSphere Application Server are initially set as the default bindings. However, you can choose a different binding as the default, or change the level of binding that is used as the default, for example, from cell-level binding to server-level binding.