Transport-level security is a well-known and often used mechanism to secure HTTP Internet and intranet communications. Transport-level security can be used to secure web services messages. Transport-level security functionality is independent from functionality that is provided by message-level security (WS-Security) or HTTP basic authentication. You can use the transport-level security binding to secure the communication between your web service client and web service provider.
The ibm-ws-bnd.xml file must be in the /WEB-INF directory of a web-based web services application (WAR file), or in the /META-INF directory of a EJB-based web service application (JAR file).
Transport-level security is based on Secure Sockets Layer (SSL) or Transport Layer Security (TLS) that runs beneath HTTP.
SSL and TLS provide security features including authentication, data protection, and cryptographic token support for secure HTTP connections. To run with HTTPS, the service port address must be in the form https://. The integrity and confidentiality of transport data, including SOAP messages and HTTP basic authentication, is confirmed when you use SSL and TLS.
For all available elements that you can configure within the ibm-ws-bnd.xml file, see Liberty profile: The ibm-ws-bnd.xml file.