WebSphere Process Server supports two
widely used solutions for data privacy and integrity:
- Secure Sockets Layer (SSL) protocol. SSL uses a handshake to authenticate
the end points and exchange information that is used to generate the session
key that will be used by the end points for encryption and decryption. SSL
is a synchronous protocol and is suitable for point to point
communication. SSL requires that the two end points maintain a connection
with each other for the duration of the SSL session.
- WS-Security. This standard defines Simple Object Access Control (SOAP)
extensions for securing SOAP messages. WS-Security adds support for authentication,
integrity, and privacy for a single SOAP message. Unlike SSL, there is no
handshake to establish a session key. This makes WS-Security suitable for
securing messages in an asynchronous environment, such as SOAP over Java Message
Service (JMS) or SOAP over Service Integration Bus (SIB).
In a business integration environment with multiple systems interacting
with one another, it is likely that some of the communication will be asynchronous.
Therefore, in most instances, WS-Security is the superior solution.