[jun2010]

Time stamp

A time stamp is the value of an object that indicates the system time at some critical point in the history of the object.

A time stamp is included in a message to reduce the vulnerability of an application to replay attacks. In Web services, a replay attack occurs when an HTTP request is intercepted and the content is resent to the provider in its original form.

Avoid trouble: When you include a time stamp in a message, you must protect its integrity using transport security, such as Secure Sockets Layer (SSL), or message-level security, such as XML digital signature. If you do not protect the integrity of the time stamp, it is possible to capture the message and retransmit the content with a different time stamp, message expiration date, or both.

For the JAX-RPC run time, 5 minutes is the default message expiration time that is used for the receiver if a value is not specified in the message. If a different expiration is required for a specific client or you are unsure of the target service default value, configure a message expiration time value for the outbound time stamp.
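The following sketch is an added example, not IBM code and not the JAX-RPC run-time implementation. It shows a receiver applying the 5-minute default when the message carries no expiration, and why a resent message with an altered time stamp is only rejected when the time stamp is integrity-protected. An HMAC over a constructed message layout stands in for SSL or XML digital signature; the key, field names and sample message are assumptions.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

DEFAULT_EXPIRY = timedelta(minutes=5)  # receiver default stated on this page
KEY = b"constructed-demo-key"          # assumption: key shared by both parties

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def mac(body, created, expires=None):
    """Bind the body and the time stamp fields together under one HMAC."""
    data = json.dumps([body, created, expires]).encode()
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def accept(msg, now, check_integrity=True):
    """Receiver side: return (accepted, reason) for one message."""
    expected = mac(msg["body"], msg["created"], msg.get("expires"))
    if check_integrity and not hmac.compare_digest(expected, msg["mac"]):
        return False, "integrity check failed"
    created = parse(msg["created"])
    # No expiration in the message: fall back to the receiver default.
    expires = parse(msg["expires"]) if msg.get("expires") else created + DEFAULT_EXPIRY
    if now >= expires:
        return False, "message expired"
    return True, "ok"

# Constructed sample message (hypothetical layout, not a SOAP envelope).
SENT = datetime(2010, 6, 1, 12, 0, tzinfo=timezone.utc)
ORIGINAL = {"body": "<order id='42'/>", "created": "2010-06-01T12:00:00Z"}
ORIGINAL["mac"] = mac(ORIGINAL["body"], ORIGINAL["created"])

def demo():
    late = SENT + timedelta(minutes=10)
    restamped = dict(ORIGINAL, created="2010-06-01T12:09:00Z")  # altered copy
    return {
        "fresh": accept(ORIGINAL, SENT + timedelta(minutes=1)),
        "replayed": accept(ORIGINAL, late),
        "restamped_protected": accept(restamped, late),
        "restamped_unprotected": accept(restamped, late, check_integrity=False),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With the integrity check disabled, the receiver accepts the altered copy ten minutes after the original was sent, which is the failure the "Avoid trouble" note describes.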




Related concepts
Web services security enhancements
Related reference
Web services: Default bindings for the Web services security collection
Security considerations for Web services

Last updated: Aug 29, 2010 10:43:27 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v602web&product=was-nd-mp&topic=cwbs_timestamp
File name: cwbs_timestamp.html

