A security token represents a set of claims made by a client that might include...
- business certification
WS-Security associates security tokens with messages.
WS-Security supports multiple security token formats.
Security token profiles include...
A security token is embedded in the SOAP message within the SOAP header. The security token within the SOAP header is propagated from the message sender to the intended message receiver. On the receiving side, the WAS Web Services security handler authenticates the security token and sets up the caller identity on the running thread.
WAS contains an enhanced security token that has the following features:
- The client can send multiple tokens to downstream servers.
- The receiver can determine which security token to use for authorization based upon the type or signed part for X.509 tokens.
- Use the custom token or derived key token for digital signing or encryption.
Related conceptsUsername token
Binary security token
WS-Security provides message integrity, confidentiality, and authentication