Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure web services > Secure web services > Web Services Security concepts > Web Services Security concepts for v5.x applications
Trust anchors
A trust anchor specifies keystores that contain trusted root certificates that validate the signer certificate. The request receiver and the response receiver use these keystores to validate the signer certificate of the digital signature.
There is an important distinction between Version 5.x and v6.0.x and later applications. The information in this article supports v5.x applications only that are used with WAS v6.0.x and later. The information does not apply to v6.0.x and later applications.
The request receiver, as defined in ibm-webservices-bnd.xmi, and the response receiver, as defined in ibm-webservicesclient-bnd.xmi when web services are acting as client, use these keystores to validate the signer certificate of the digital signature. If keysores are tampered with, the result of the digital signature verification is doubtful and comprised. IBM recommends that you secure keystores. The binding configuration specified for the request receiver in ibm-webservices-bnd.xmi must match the binding configuration for the response receiver in ibm-webservicesclient-bnd.xmi.
The trust anchor is defined as javax.security.cert.TrustAnchor in the Java CertPath API. The Java CertPath API uses the trust anchor and the certificate store to validate the incoming X.509 certificate that is embedded in the SOAP message.
The Web Services Security implementation in WAS supports this trust anchor. In WAS, the trust anchor is represented as a Java keystore object. The type, path, and password of the keystore are passed to the implementation through the administrative console or by scripting.
Collection certificate store
Configure trust anchors using an assembly tool
Configure trust anchors
Secure web services for v5.x applications using XML digital signature