Secure web services
The Web Services Security specification defines core facilities for protecting the integrity and confidentiality of a message, and provides mechanisms for associating security-related claims with a message. Web Services Security, an extension of the IBM web services engine, provides a quality of service.
- Secure web services applications at the transport level
Transport-level security is a well-known and often used mechanism to secure HTTP Internet and intranet communications. Transport-level security can be used to secure web services messages. Transport-level security functionality is independent of the functionality provided by message-level security (WS-Security) or HTTP basic authentication.
- Authenticate web services clients using HTTP basic authentication
A simple way to provide authentication data for the service client is to authenticate to the protected service endpoint by using HTTP basic authentication. HTTP basic authentication uses a user name and password to authenticate a service client to a secure endpoint.
- Secure JAX-WS web services using message-level security
Web Services Security standards and profiles address how to provide message-level protection for messages that are exchanged in a web service environment.
- Secure JAX-RPC web services using message-level security
Standards and profiles address how to provide protection for messages that are exchanged in a web service environment.
- Secure web services using Security Assertion Markup Language (SAML)
The Security Assertion Markup Language (SAML) is an XML-based OASIS standard for exchanging user identity and security attributes information. Using SAML, a client can communicate assertions regarding the identity, attributes, and entitlements of a SOAP message. We can apply policy sets to JAX-WS applications to use SAML assertions in web services messages and in web services usage scenarios. Use SAML assertions to represent user identity and user security attributes, and optionally, to sign and to encrypt SOAP message elements.
- Authenticate web services using generic security token login modules
We can use the generic security token login modules to issue, validate, and exchange security tokens using an external Security Token Service (STS).
- Web Services Security concepts
The Web Services Security specification defines core facilities for protecting the integrity and confidentiality of a message, and provides mechanisms for associating security-related claims with a message.
- Migrate Web Services Security
We can migrate Web Services Security bindings from an older version to the latest version of WAS. The product migration function handles most of the migration process, but your input and action are required for specific configurations in order to complete the migration.
- Develop applications that use Web Services Security
The Web Services Security specification provides a flexible framework for building secure web services to implement message content integrity and confidentiality. The Web Services Security service programming model supports this flexible framework by providing extension points to integrate new token formats, and methods to obtain keys needed for message protection. The application server programming model provides Web Services Security application programming interfaces (WSS API) for securing SOAP messages.
- Configure Web Services Security during application assembly
If you configure Web Services Security with an assembly tool, the Web Services Security binding information is modified
- Administer Web Services Security
To secure web services, consider a broad set of security requirements, including authentication, authorization, privacy, trust, integrity, confidentiality, secure communications channels, delegation, and auditing across a spectrum of application and business topologies. We can choose to configure Web Services Security for the application level, the server level or the cell level, depending upon the environment and security needs.
- Deploy applications that use SAML
After SAML policy sets and bindings have been configured, and SAML tokens created, the SAML token information can be sent from the original login server to other servers using the SAML propagation feature. We can also extract SAML attributes from an existing SAML token and then create additional tokens using the extracted attributes.
- Tune Web Services Security
When using Web Services Security for message-level protection of SOAP messages in WAS, the choice of configuration options can affect the performance of the application.