Configure Web services security using JAX-RPC at the platform level

Configure Web services security using JAX-RPC at the platform level

In the platform configuration, general properties and additional properties can be specified, and the default binding is included. You can configure security for Web services at a platform level with a variety of tasks including configuring key locators, trust anchors, and the collection certificate at the generator, consumer binding, and sever levels.
Besides the application-level constraints, there is a cell-level and server-level Web services security (WSS) configuration called a platform-level configuration:

These configurations are global for all applications and include some configurations only for WAS V5.x applications and some only for version 6.0.x applications.

You can use the default binding as an application-level binding configuration so that applications do not have to define the binding in the application. There is only one set of default bindings that can be shared by multiple applications. This set is only available for WAS V6.x applications.

Therefore, binding configuration files can be specified at these levels: application, server, and cell. Each binding configuration overrides the next higher one. For any deployed application, the nearest configuration binding is applied. The visibility scope of the binding depends on where the file is located. If the binding is defined in an application, its visibility is scoped to that particular application. If it is located at the server level, the visibility scope is all applications that are deployed on that server. For ND, if it is located at the cell level, the visibility scope is all applications deployed on all servers of the cell.

Overview
To ensure Web services security at the platform level, you can configure:

A nonce on the server or cell level

The key locator for the generator or consumer binding on the application level, server level, or cell level

Trust anchors for the generator or consumer binding on the application level, server level, or cell level

The collection certificate store for the generator or consumer binding on the application level, server level or cell level

Trusted ID evaluators on the server or cell level

Hardware cryptographic devices for Web services security

The rrdSecurity.props property file

Procedure

To configure a nonce on the server or cell level, see the steps in Configure a nonce on the server or cell level

To configure the key locator for the generator binding on the application level, see the steps in Configure the key locator using JAX-RPC for the generator binding on the application level

To configure the key locator for the consumer binding on the application level, see the steps in Configure the key locator using JAX-RPC for the consumer binding on the application level

To configure the key locator on the server or cell level, see the steps in Configure the key locator using JAX-RPC on the server or cell level

To configure trust anchors for the generator binding on the application level, see the steps in Configure trust anchors for the generator binding on the application level

To configure trust anchors for the consumer binding on the application level, see the steps in Configure trust anchors for the consumer binding on the application level

To configure trust anchors on the server or cell level, see the steps in Configure trust anchors on the server or cell level

To configure the collection certificate store for the generator binding on the application level, see the steps in Configure the collection certificate store for the generator binding on the application level

To configure the collection certificate store for the consumer binding on the application level, see the steps in Configure the collection certificate store for the consumer binding on the application level

To configure the collection certificate on the server or cell level, see the steps in Configure the collection certificate on the server or cell level

To configure trusted ID evaluators on the server or cell level, see the steps in Configure trusted ID evaluators on the server or cell level

To enable hardware cryptographic devices for Web services security, see the steps in Enabling hardware cryptographic devices for Web Services Security

To work with the rrdSecurity.props file, see rrdSecurity.props file

Results
By completing these steps, you have configured Web services security at the platform level.

Configure a nonce on the server or cell level

Distributing nonce caching to servers in a cluster

Configure the key locator using JAX-RPC for the generator binding on the application level

Configure the key locator using JAX-RPC for the consumer binding on the application level

Configure the key locator using JAX-RPC on the server or cell level

Configure trust anchors for the generator binding on the application level

Configure trust anchors for the consumer binding on the application level

Configure trust anchors on the server or cell level

Configure the collection certificate store for the generator binding on the application level

Configure the collection certificate store for the consumer binding on the application level

Configure the collection certificate on the server or cell level

Configure trusted ID evaluators on the server or cell level

Enabling hardware cryptographic devices for Web Services Security

rrdSecurity.props file

Related tasks

Securing Web services applications using JAX-RPC at the message level