Support for Web Services Security

The Web Services Security (WSS): SOAP Message Security 1.0 specification describes the use of security tokens and digital signatures to protect and authenticate SOAP messages.

Web Services Security protects the privacy and integrity of SOAP messages by, respectively, protecting messages from unauthorized disclosure and preventing unauthorized and undetected modification. WSS provides this protection by digitally signing and encrypting XML elements in the message. The elements that can be protected are the body, or any elements within the body or the header. Different levels of protection can be given to different elements within the SOAP message.
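The element-level protection described above can be inspected from the message itself. The following is an added example, not IBM or CICS code: it reports which header blocks and the body are referenced by a signature in the wsse:Security header and which carry xenc:EncryptedData. The r:Route header, the Id value body-1 and the function name protection_report are assumptions made for illustration, and the sample message is constructed. The code reports coverage only and verifies no signature or digest.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
DECLS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())

# Constructed sample: hypothetical routing header left in clear, body signed and encrypted.
# Digest, signature and cipher values are omitted; this code checks coverage, not crypto.
SAMPLE = f"""<soap:Envelope {DECLS} xmlns:r="urn:example:routing">
 <soap:Header>
  <r:Route>node-b</r:Route>
  <wsse:Security><ds:Signature><ds:SignedInfo>
   <ds:Reference URI="#body-1"/>
  </ds:SignedInfo></ds:Signature></wsse:Security>
 </soap:Header>
 <soap:Body wsu:Id="body-1">
  <xenc:EncryptedData><xenc:CipherData/></xenc:EncryptedData>
 </soap:Body>
</soap:Envelope>"""


def protection_report(xml_text):
    """Map each header block and the Body to its signed/encrypted status."""
    env = ET.fromstring(xml_text)  # use a hardened XML parser for untrusted input
    header = env.find("soap:Header", NS)
    blocks = list(header) if header is not None else []
    body = env.find("soap:Body", NS)
    if body is not None:
        blocks.append(body)
    refs = env.iterfind("soap:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference", NS)
    # Same-document references look like URI="#id" and point at a wsu:Id attribute.
    signed = {r.get("URI", "")[1:] for r in refs if r.get("URI", "").startswith("#")}
    enc_tag = f"{{{NS['xenc']}}}EncryptedData"
    wsu_id, sec_tag = f"{{{NS['wsu']}}}Id", f"{{{NS['wsse']}}}Security"
    report = {}
    for el in blocks:
        if el.tag == sec_tag:
            continue  # the security header describes protection, it is not a payload
        report[el.tag.rsplit("}", 1)[-1]] = {
            "signed": el.get(wsu_id) in signed,
            "encrypted": el.tag == enc_tag or el.find(f".//{enc_tag}") is not None,
        }
    return report
```

For the constructed sample, the routing header is reported as neither signed nor encrypted, while the body is reported as both.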

CICS® Transaction Server for z/OS® provides support for WSS: SOAP Message Security through the use of a CICS-supplied message handler, DFHWSSE1.

CICS does not support Web Services Security for atomic transactions (WS-AT).

There is a significant performance impact when you use WSS to secure your Web services. The main advantage of implementing WSS is that by encrypting part of a SOAP message, you can send the message through a chain of intermediate nodes, all of which might have legitimate reasons to look at the SOAP header to make routing or processing decisions, but are not allowed to view the content of the message. By encrypting those sections that need to be confidential you:

If you want to use your own security procedures and processing, you can write a custom message handler to process secure SOAP messages in the pipeline. Read technote 1239021 on the IBM support site at http://www.ibm.com/software/htp/cics/support/ for details of what you should include. For general information on how to write a custom message handler, see the Application Development for CICS Web Services redbook.

As an alternative to using Web Services Security, you can use SSL to encrypt the whole data stream.