The Web Services Security (WSS): SOAP Message Security 1.0 specification describes the use of security tokens and digital signatures to protect and authenticate SOAP messages.
Web Services Security protects the privacy and integrity of SOAP messages by, respectively, protecting messages from unauthorized disclosure and preventing unauthorized and undetected modification. WSS provides this protection by digitally signing and encrypting XML elements in the message. The elements that can be protected are the body, or any elements within the body or the header. Different levels of protection can be given to different elements within the SOAP message.
CICS does not support Web Services Security for atomic transactions
(WS-AT).
If you want to use your own security procedures and processing, you can write a custom message handler to process secure SOAP messages in the pipeline. Read technote 1239021 on the IBM support site at http://www.ibm.com/software/htp/cics/support/ for details of what you should include. For general information on how to write a custom message handler, see the Application Development for CICS Web Services redbook.
As an alternative to using Web Services Security, you can use
SSL to encrypt the whole data stream.