Network Deployment (Distributed operating systems), v8.0 > Reference > Developer best practices

Web Services Security configuration considerations

To secure web services for WAS, specify several different configurations. Although there is not a specific sequence in which specify these different configurations, some configurations reference other configurations.

IBM WAS supports the JAX-WS programming model and JAX-RPC. JAX-WS is the next generation web services programming model extending the foundation provided by JAX-RPC. Using the strategic JAX-WS programming model, development of web services and clients is simplified through support of a standards-based annotations model. Although JAX-RPC and applications are still supported, take advantage of the easy-to-implement JAX-WS programming model to develop new web services applications and clients. bprac

We can configure Web Services Security on the application level, server level, and the cell level. The following table shows an example of the relationships between each of the configurations that apply to just the application, to an entire server, or to the entire cell. However, the requirements for the bindings depend upon the deployment descriptor. Some binding information depends upon other information in the binding or server and cell-level configuration. Within the table, the configurations in the Referenced configurations column are referenced by the configuration listed in the Configuration name column. For example, the token generator on the application-level for the request generator references the collection certificate store, the nonce, time stamp, and callback handler configurations.

The relationship between the configurations.. Use the table to determine the mapping between the configurations and the level of Web Services Security.

Configuration level	Configuration name	Referenced configurations
Application-level request generator	Token generator	Collection certificate store Nonce Timestamp Callback handler
Application-level request generator	Key information	Key locator Key name Token
Application-level request generator	Signing information	Key information
Application-level request generator	Encryption information	Key information
Application-level request consumer	Token consumer	Trust anchor Collection certificate store Trusted ID evaluators JAAS configuration
Application-level request consumer	Key information	Key locator Token
Application-level request consumer	Signing information	Key information
Application-level request consumer	Encryption information	Key information
Application-level response generator	Token generator	Collection certificate store Callback handler
Application-level response generator	Key information	Key locator Token
Application-level response generator	Signing information	Key information
Application-level response generator	Encryption information	Key information
Application-level response consumer	Token consumer	Trust anchor Collection certificate store JAAS configuration
Application-level response consumer	Key information	Key locator Key name Token
Application-level response consumer	Signing information	Key information
Application-level response consumer	Encryption information	Key information
Server-level default generator bindings	Token generator	Collection certificate store Callback handler
Server-level default generator bindings	Key information	Key locator Token
Server-level default generator bindings	Signing information	Key information
Server-level default generator bindings	Encryption information	Key information
Server-level default consumer bindings	Token consumer	Trust anchor Collection certificate store Trusted ID evaluator JAAS configuration
Server-level default consumer bindings	Key information	Key locator Token
Server-level default consumer bindings	Signing information	Key information
Server-level default consumer bindings	Encryption information	Key information
Cell-level default generator bindings	Token generator	Collection certificate store Callback handler
Cell-level default generator bindings	Key information	Key locator Token
Cell-level default generator bindings	Signing information	Key information
Cell-level default generator bindings	Encryption information	Key information
Cell-level default consumer bindings	Token consumer	Trust anchor Collection certificate store Trusted ID evaluator JAAS configuration
Cell-level default consumer bindings	Key information	Key locator Token
Cell-level default consumer bindings	Signing information	Key information
Cell-level default consumer bindings	Encryption information	Key information

When multiple applications will use the same binding information, consider configuring the binding information on the server or cell level. For example, you might have a global key locator configuration used by multiple applications. Configuration information for the application-level precedes similar configuration information on the server-level and the cell level.
Overview of standards and programming models for web services message-level security

Related

Web Services Security troubleshooting tips

+

Search Tips   |   Advanced Search