Network Deployment (Distributed operating systems), v8.0 > Reference > Developer detailed usage information


Web Services Security APIs

The Web Services Security programming model provides application programming interfaces (WSS API) for securing the SOAP message. The WSS API model is based on Web Services Security v1.1 standards but also includes support for Web Services Security v1.0.

The Web Services Security APIs (WSS APIs) can generate and process the following SOAP-related bindings for XML security:

The token processing and pluggable token architecture in the Web Service Security run time has been redesign to reuse the same Security Token interface and the JAAS Login Module as those used for the WSS APIs.

The following table lists the WSS API interfaces that are provided with WAS and used to configure signing and encryption information in the SOAP bindings for the generator and consumer bindings.

WSS API interfaces. Use the interfaces to configure security information in the bindings.

WSS API interfaces Description
WSSDecryption Package: com.ibm.websphere.wssecurity.wssapi.decryption

This interface is responsible for specifying decryption. The default values for decryption include:

WSSDecryptPart Package: com.ibm.websphere.wssecurity.wssapi.decryption

This interface is responsible for adding decrypted parts, as needed. If specified, the default values for decrypted parts include:

  • Security token: X.509
  • Transform method: N/A (not applicable)

WSSEncryption Package: com.ibm.websphere.wssecurity.wssapi.encryption

This interface is responsible for the encryption component. The default values for encryption include:

  • Targets: BODY_CONTENT, SIGNATURE
  • Data encryption method: AES128
  • Key encryption method: KW_RSA_OAEP
  • Security token: X.509
  • refType: SecurityToken.REF_KEYID
  • mtomOptimize: false

WSSEncryptPart Package: com.ibm.websphere.wssecurity.wssapi.encryption

This interface is responsible for adding encrypted parts, as needed. If specified, the default values for encrypted parts include:

  • Transform method: N/A (not applicable)

WSSSignature Package: com.ibm.websphere.wssecurity.wssapi.signature

This interface is responsible for specifying the signature. The default values for signature include:

  • Targets: BODY, ADDRESSING_HEADERS, TIMESTAMP
  • Signature method: RSA_SHA1
  • Canonicalization method: EXC_C14N
  • Security token: X.509
  • Type of token reference: SecurityToken.REF_STR

WSSSignPart Package: com.ibm.websphere.wssecurity.wssapi.signature

This interface is responsible for adding signed parts, as needed. If specified, the default values for signed parts include:

  • Transform method : TRANSFORM_EXC_C14N
  • Digest method: SHA1

WSSVerification Package: com.ibm.websphere.wssecurity.wssapi.verification

This interface is responsible for specifying the signature verification. The default values for verification include:

  • Targets: BODY, ADDRESSING_HEADERS, TIMESTAMP
  • Signature method: RSA_SHA1
  • Canonicalization method: EXC_C14N
  • Security token: X.509

WSSVerifyPart Package: com.ibm.websphere.wssecurity.wssapi.verification

This interface is responsible for adding verify parts, as needed. If specified, the default values for verify parts include:

  • Digest method: SHA1
  • Transform method: TRANSFORM_EXC_C14N

Also see the information about pre-configured generator and consumer tokens.
Configure Web Services Security using the WSS APIs

+

Search Tips   |   Advanced Search