Network Deployment (Distributed operating systems), v8.0 > Reference > Developer detailed usage information
Web Services Security APIs
The Web Services Security programming model provides application programming interfaces (WSS API) for securing the SOAP message. The WSS API model is based on Web Services Security v1.1 standards but also includes support for Web Services Security v1.0.
The Web Services Security APIs (WSS APIs) can generate and process the following SOAP-related bindings for XML security:
- XML signature and signature verification
- XML encryption and decryption
The token processing and pluggable token architecture in the Web Service Security run time has been redesign to reuse the same Security Token interface and the JAAS Login Module as those used for the WSS APIs.
The following table lists the WSS API interfaces that are provided with WAS and used to configure signing and encryption information in the SOAP bindings for the generator and consumer bindings.
WSS API interfaces. Use the interfaces to configure security information in the bindings.
WSS API interfaces Description WSSDecryption Package: com.ibm.websphere.wssecurity.wssapi.decryption This interface is responsible for specifying decryption. The default values for decryption include:
- Targets: BODY_CONTENT, SIGNATURE
- Data encryption method: AES128
- Key encryption method: KW_RSA_OAEP
- Security token: X.509
WSSDecryptPart Package: com.ibm.websphere.wssecurity.wssapi.decryption This interface is responsible for adding decrypted parts, as needed. If specified, the default values for decrypted parts include:
- Security token: X.509
- Transform method: N/A (not applicable)
WSSEncryption Package: com.ibm.websphere.wssecurity.wssapi.encryption This interface is responsible for the encryption component. The default values for encryption include:
- Targets: BODY_CONTENT, SIGNATURE
- Data encryption method: AES128
- Key encryption method: KW_RSA_OAEP
- Security token: X.509
- refType: SecurityToken.REF_KEYID
- mtomOptimize: false
WSSEncryptPart Package: com.ibm.websphere.wssecurity.wssapi.encryption This interface is responsible for adding encrypted parts, as needed. If specified, the default values for encrypted parts include:
- Transform method: N/A (not applicable)
WSSSignature Package: com.ibm.websphere.wssecurity.wssapi.signature This interface is responsible for specifying the signature. The default values for signature include:
- Targets: BODY, ADDRESSING_HEADERS, TIMESTAMP
- Signature method: RSA_SHA1
- Canonicalization method: EXC_C14N
- Security token: X.509
- Type of token reference: SecurityToken.REF_STR
WSSSignPart Package: com.ibm.websphere.wssecurity.wssapi.signature This interface is responsible for adding signed parts, as needed. If specified, the default values for signed parts include:
- Transform method : TRANSFORM_EXC_C14N
- Digest method: SHA1
WSSVerification Package: com.ibm.websphere.wssecurity.wssapi.verification This interface is responsible for specifying the signature verification. The default values for verification include:
- Targets: BODY, ADDRESSING_HEADERS, TIMESTAMP
- Signature method: RSA_SHA1
- Canonicalization method: EXC_C14N
- Security token: X.509
WSSVerifyPart Package: com.ibm.websphere.wssecurity.wssapi.verification This interface is responsible for adding verify parts, as needed. If specified, the default values for verify parts include:
- Digest method: SHA1
- Transform method: TRANSFORM_EXC_C14N
Also see the information about pre-configured generator and consumer tokens.
Configure Web Services Security using the WSS APIs