+

Search Tips   |   Advanced Search

Web Services Security APIs

The Web Services Security programming model provides APIs (WSS API) for securing the SOAP message. The WSS API model is based on Web Services Security Version 1.1 standards but also includes support for Web Services Security Version 1.0.

The Web Services Security APIs (WSS APIs) can generate and process the following SOAP-related bindings for XML security:

The token processing and pluggable token architecture in the Web Service Security run time has been redesign to reuse the same Security Token interface and the JAAS Login Module as those used for the WSS APIs.

The following table lists the WSS API interfaces provided with WebSphere Application Server and used to configure signing and encryption information in the SOAP bindings for the generator and consumer bindings.

WSS API interfaces Description
WSSDecryption Package: com.ibm.websphere.wssecurity.wssapi.decryption

This interface is responsible for specifying decryption. The default values for decryption include:

  • Targets: BODY_CONTENT, SIGNATURE

  • Data encryption method: AES128

  • Key encryption method: KW_RSA_OAEP

  • Security token: X.509

WSSDecryptPart Package: com.ibm.websphere.wssecurity.wssapi.decryption

This interface is responsible for adding decrypted parts, as needed. If specified, the default values for decrypted parts include:

  • Security token: X.509

  • Transform method: N/A (not applicable)

WSSEncryption Package: com.ibm.websphere.wssecurity.wssapi.encryption

This interface is responsible for the encryption component. The default values for encryption include:

  • Targets: BODY_CONTENT, SIGNATURE

  • Data encryption method: AES128

  • Key encryption method: KW_RSA_OAEP

  • Security token: X.509

  • refType: SecurityToken.REF_KEYID

  • mtomOptimize: false

WSSEncryptPart Package: com.ibm.websphere.wssecurity.wssapi.encryption

This interface is responsible for adding encrypted parts, as needed. If specified, the default values for encrypted parts include:

  • Transform method: N/A (not applicable)

WSSSignature Package: com.ibm.websphere.wssecurity.wssapi.signature

This interface is responsible for specifying the signature. The default values for signature include:

  • Targets: BODY, ADDRESSING_HEADERS, TIMESTAMP

  • Signature method: RSA_SHA1

  • Canonicalization method: EXC_C14N

  • Security token: X.509

  • Type of token reference: SecurityToken.REF_STR

WSSSignPart Package: com.ibm.websphere.wssecurity.wssapi.signature

This interface is responsible for adding signed parts, as needed. If specified, the default values for signed parts include:

  • Transform method : TRANSFORM_EXC_C14N

  • Digest method: SHA1

WSSVerification Package: com.ibm.websphere.wssecurity.wssapi.verification

This interface is responsible for specifying the signature verification. The default values for verification include:

  • Targets: BODY, ADDRESSING_HEADERS, TIMESTAMP

  • Signature method: RSA_SHA1

  • Canonicalization method: EXC_C14N

  • Security token: X.509

WSSVerifyPart Package: com.ibm.websphere.wssecurity.wssapi.verification

This interface is responsible for adding verify parts, as needed. If specified, the default values for verify parts include:

  • Digest method: SHA1

  • Transform method: TRANSFORM_EXC_C14N

Also see the information about pre-configured generator and consumer tokens.

Reference topic