Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure web services > Secure web services > Administer Web Services Security
Administer message-level security for JAX-WS web services
Web Services Security standards and profiles describe how to provide security and protection for SOAP messages that are exchanged in a web services environment. Using JAX-WS, development of web services and clients is simplified with greater platform independence for Java applications through the use of dynamic proxies and Java annotations.
- Auditing the Web Services Security runtime
Security auditing provides tracking and archiving of auditable events for the web services runtime operations. When security auditing is enabled for web services, the event generator utility collects and logs signing, encryption, security, authentication, and delegation events in audit event records. We can analyze the audit event records to identify possible security breaches or potential weaknesses in the security configuration of the environment.
- Secure web services using policy sets
Policy sets are assertions about how services are defined. They are used to simplify the quality of service configuration for web services.
- Configure the username and password for WS-Security Username or LTPA token authentication
When using the Username WSSecurity default policy set, configure the username and password for username token authentication separately from the security settings defined in the bindings.
- Secure requests to the trust service using system policy sets
WAS provides message-level protection for its security token service, known as the WAS trust service. For the trust service, use a special class of policy sets known as system policy sets.
- Configure the Kerberos token for Web Services Security
Use this topic to configure the Kerberos token for message-level Web Services Security.
- Secure messages using SAML
Configure policy sets, bindings, and SAML-specific tokens to secure web services and messages.
- Configure default Web Services Security bindings
WAS provides support for a set of default Web Services Security bindings for applications. A set of bindings is a named object that is associated with a specific policy set and service resource attached to the policy set.
- General JAX-WS default bindings for Web Services Security
General bindings are used as the default bindings at the cell level or server level, or for multiple domains, at the domain level. The general bindings that are included with WAS are initially set as the default bindings. However, you can choose a different binding as the default, or change the level of binding used as the default, for example, from cell-level binding to server-level binding.