Configuring Web services security while assembling Web services applications

There are eight parts of Web services security that you must configure to secure your SOAP messages using either digital signature or encryption. Four of these parts involve the deployment descriptor extensions and four parts involve the bindings that correspond to the deployment descriptors.

Before you begin

Prior to completing this task, you must import your application into an assembly tool.

For information on how to import your application, see Importing enterprise applications.

About this task

The following table illustrates these eight parts that involve both the client and the server or a server acting as a client. It is recommended that you configure each of these parts in order from left to right in the table. For example, configure the request generator extensions and then the request consumer extensions because the configurations must match. After you configure the request generator and request consumer extensions, configure the request generator and the request consumer bindings, and so on.
Table 1. Client and server extensions and bindings relationship
Client Server
1. Request generator extensions 2. Request consumer extensions
3. Request generator bindings 4. Request consumer bindings
5. Response consumer extensions 6. Request generator extensions
7. Response consumer bindings 8. Response generator bindings

In Web services security for WebSphere Application Server Versions 6 and later, integrity refers to digital signature and confidentiality refers to encryption. Integrity decreases the risk of data modification when data is transmitted across a network. Confidentiality reduces the risk of someone intercepting the message as it moves across a network. With confidentiality, however, the message is encrypted before it is sent and decrypted when it is received by its target server. The article provides the steps needed to secure your Web services using either integrity or confidentiality.

In the generator bindings, you can specify which message parts to sign (integrity) or encrypt (confidentiality) and what method is used. In the consumer bindings, you specify when the message parts are signed or encrypted. After you verify the digital signature or encryption in the consumer, the consumer verifies that the specified message parts are actually signed or encrypted. If the digital signature or encryption is required and the message is not signed or encrypted, the message is rejected by the consumer.

There are two different methods to specify what needs to be signed (integrity) or encrypted (confidentiality). You can use either keywords or an XPath expression to configure message parts, a nonce, or a time stamp. When you use keywords, you can specify only certain elements within a message. With an XPath expression, you can specify any part of the message.

In addition to securing Web services for integrity and confidentiality, the assembly tools enable you to complete the following tasks:

Procedure

Results

By completing the previous steps, you have configured your application for either digital signature (integrity) or encryption (confidentiality).



In this information ...


Subtopics

IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic    

Terms of Use | Feedback

Last updated: Aug 29, 2010 9:31:45 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=vela&product=was-nd-mp&topic=twbs_confappwssassembly
File name: twbs_confappwssassembly.html