WSSecurity default policy sets

The WSSecurity default policy sets are based on the Web Services Security (WS-Security) 1.0 and Web Services Addressing (WS-Addressing) specifications. The WSSecurity default policy sets include the WSSecurity default policy set, the Lightweight Third-Party Authentication (LTPA) WSSecurity policy set, and the Username WSSecurity policy set. Use the WSSecurity default policy sets to build secure Web services.

The WSSecurity default policy sets use the WS-Security 1.0 specification enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. Providing quality of protection means to prevent the following potential threats to SOAP messages:

The WSSecurity default policy sets provide message protection by using WS-Security to digitally sign the WS-Addressing headers, the time stamp, and the body. These policy sets also encrypt the signature and the body. RSA public key cryptography is used for the signature and for encryption operations.

The WS-Addressing specification defines XML 1.0 and XML Namespaces elements to identify Web services endpoints and to secure end-to-end endpoint identification in messages.

Use the WSSecurity default policy set, the LTPA WSSecurity policy set, or the Username WSSecurity policy set as provided with the application server. To customize the policy sets, you must first copy the policy set, and then configure custom policy settings and bindings to meet your needs.

The following WSSecurity default policy sets exist:
WSSecurity default
This policy set provides:
  • Message integrity through digital signature (using RSA public-key cryptography) to sign the body, time stamp, and WS-Addressing headers using WS-Security specifications.
  • Message confidentiality through encryption (using RSA public-key cryptography) to encrypt the body, and signature elements using WS-Security specifications.
LTPA WSSecurity default
This policy set provides the WSSecurity default policy set and adds a Lightweight Third-Party Authentication (LTPA) token included in the request message to authenticate the client to the service.
Username WSSecurity default
This policy set provides the WSSecurity default policy set and adds a username token included in the request message to authenticate the client to the service. The username token is encrypted in the request.
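
The following is an added example, not IBM code and not part of the original topic: a Python check that reports which of the parts this policy set signs (body, time stamp, WS-Addressing headers) are not covered by a ds:Reference in the message signature. It assumes SOAP 1.1 and WS-Addressing 1.0 namespaces, wsu:Id-based references, and a message whose signature has already been decrypted; it checks coverage only and does not validate the signature cryptographically. The function name and the sample message are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {  # assumed namespace versions; adjust to the ones your bindings use
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsa": "http://www.w3.org/2005/08/addressing",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed sample (decrypted form): wsa:Action carries no signed wsu:Id
SAMPLE = """<soap:Envelope xmlns:soap="{soap}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}"
 xmlns:ds="{ds}" xmlns:wsa="{wsa}"><soap:Header>
 <wsa:To wsu:Id="to-1">urn:example:service</wsa:To>
 <wsa:Action>urn:example:op</wsa:Action>
 <wsse:Security><wsu:Timestamp wsu:Id="ts-1"/>
 <ds:Signature><ds:SignedInfo><ds:Reference URI="#to-1"/>
 <ds:Reference URI="#ts-1"/><ds:Reference URI="#body-1"/>
 </ds:SignedInfo></ds:Signature></wsse:Security></soap:Header>
 <soap:Body wsu:Id="body-1"><op/></soap:Body></soap:Envelope>""".format(**NS)

def unsigned_required_parts(envelope_xml):
    """Return names of parts the policy signs that no ds:Reference covers."""
    root = ET.fromstring(envelope_xml)
    header = root.find("soap:Header", NS)
    body = root.find("soap:Body", NS)
    security = header.find("wsse:Security", NS) if header is not None else None
    if body is None or security is None:
        return ["soap:Body or wsse:Security missing"]
    # Same-document references only: "#id" -> "id"
    refs = {r.get("URI", "")[1:]
            for r in security.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)
            if r.get("URI", "").startswith("#")}
    # An id that occurs more than once is ambiguous, so it is not counted as signed
    ids = [e.get(WSU_ID) for e in root.iter() if e.get(WSU_ID)]
    trusted = {i for i in refs if ids.count(i) == 1}
    required = [("soap:Body", body),
                ("wsu:Timestamp", security.find("wsu:Timestamp", NS))]
    required += [("wsa:" + h.tag.split("}")[1], h) for h in header
                 if h.tag.startswith("{%s}" % NS["wsa"])]
    return [name for name, el in required
            if el is None or el.get(WSU_ID) not in trusted]

if __name__ == "__main__":
    print(unsigned_required_parts(SAMPLE))
```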




Last updated: Aug 31, 2013 1:23:07 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-dist&topic=cwbs_wsspswss
File name: cwbs_wsspswss.html