Administering Web Services Security
To secure web services, you must consider a broad set of security requirements, including authentication, authorization, privacy, trust, integrity, confidentiality, secure communications channels, delegation, and auditing across a spectrum of application and business topologies. You can choose to configure Web Services Security for the application level, the server level or the cell level, depending upon your environment and security needs.
次主題
Configuring HTTP outbound transport level security with the administrative console
You can configure HTTP outbound transport level security with the administrative console.Configuring HTTP outbound transport level security using Java properties
You can configure the HTTP outbound transport level security for a web service using Java™ properties.使用管理主控台為 JAX-RPC Web 服務配置 HTTP 基本鑑別
您可以使用管理主控台為 Java API for XML-based RPC (JAX-RPC) Web 服務配置 HTTP 基本鑑別。Building XPath expressions for WS-Security
JAX-RPC and JAX-WS WS-Security configurations use XML-based SOAP messages to exchange information between applications. You can use an XPath expression to select specific elements in a SOAP message to sign or encrypt.Configuring custom properties to secure web services
You can configure name-value pairs of data, where the name is a property key and the value is a string value that you can use to set internal system configuration properties. Defining a new property enables you to configure a setting beyond that which is available through options in the administrative console.Service Programming Interfaces (SPI)
The Web Services Security service programming interface (WSS SPI) provides programming interfaces for securing Web Services Security.Administering message-level security for JAX-WS web services
Web Services Security standards and profiles describe how to provide security and protection for SOAP messages that are exchanged in a web services environment. Using JAX-WS, development of web services and clients is simplified with greater platform independence for Java applications through the use of dynamic proxies and Java annotations.Administering message-level security for JAX-RPC web services
The Java™ API for XML-based RPC (JAX-RPC) specification enables you to develop SOAP-based interoperable and portable web services and web service clients. JAX-RPC simplifies development of web services by shielding you from the underlying complexity of SOAP communication, and enables clients to access a web service as if the web service was a local object mapped into the client's address space.Enabling cryptographic keys stored in hardware devices for Web Services Security
You can enable Web Services Security by using cryptographic hardware devices for both web service clients and web service providers that are running in the WebSphere® Application Server environment.Configuring XML digital signature for Version 5.x web services with the administrative console
XML digital signature provides both message integrity and authentication capabilities when it is used with SOAP messages. XML digital signature is one of the methods WebSphere® Application Server provides to secure web services. You can use the WebSphere® Application Server administrative console to configure XML digital signature.Configuring XML encryption for Version 5.x web services with the administrative console
XML encryption is one method that WebSphere® Application Server provides to secure web services. You can use XML encryption in conjunction with XML digital signature to scramble the content while verifying the authenticity of the message sender. Using XML encryption, you can encrypt an XML element, the content of an XML element, or arbitrary data such as an XML document.Building XPath expressions for WS-Security
JAX-RPC and JAX-WS WS-Security configurations use XML-based SOAP messages to exchange information between applications. You can use an XPath expression to select specific elements in a SOAP message to sign or encrypt.


http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=container_wssec_administering
檔名:container_wssec_administering.html