The Web Services Security specification
defines core facilities
for protecting the integrity and confidentiality of a message, and
provides mechanisms for associating security-related claims with a
message.
Subtopics:
What is new for securing web services
In WebSphere® Application Server,
there are many security enhancements for web services. The enhancements
include supporting sections of the Web Services Security (WS-Security)
specifications and providing architectural support for plugging in
and extending the capabilities of security tokens.
Web Services Security configuration considerations
To secure web services for WebSphere Application
Server, you must specify several different configurations. Although
there is not a specific sequence in which you must specify these different
configurations, some configurations reference other configurations.
Default bindings and runtime properties for Web Services Security
Use this page to configure the settings for nonce on the
server level and to manage the default bindings for the signing information,
encryption information, key information, token generators, token consumers,
key locators, collection certificate store, trust anchors, trusted
ID evaluators, algorithm mappings, and login mappings.
Web Services Security provides message integrity, confidentiality, and authentication
OASIS Web Services Security (WS-Security) is a flexible
standard that is used to secure web services at the message level
within multiple security models. You can secure SOAP messages through
XML digital signature, confidentiality through XML encryption, and
credential propagation through security tokens.