End-to-end paths for web services - Security (WS-Security)
The Web Services Security specification defines core facilities for protecting the integrity and confidentiality of a message, and provides mechanisms for associating security-related claims with a message.
Subtopics
- Secure web services applications at the transport level
Transport-level security is a well-known and often-used mechanism to secure HTTP Internet and intranet communications. Transport-level security can also be used to secure web services messages. It is independent of the functionality provided by message-level security (WS-Security) or HTTP basic authentication.
- Authenticating web services clients using HTTP basic authentication
A simple way to provide authentication data for the service client is to authenticate to the protected service endpoint by using HTTP basic authentication. HTTP basic authentication uses a user name and password to authenticate a service client to a secure endpoint.
- Secure JAX-WS web services using message-level security
Web Services Security standards and profiles address how to provide message-level protection for messages that are exchanged in a web service environment.
- Secure JAX-RPC web services using message-level security
Standards and profiles address how to provide protection for messages that are exchanged in a web service environment.
- Secure web services using Security Assertion Markup Language (SAML)
The Security Assertion Markup Language (SAML) is an XML-based OASIS standard for exchanging user identity and security attributes information. Using SAML, a client can communicate assertions regarding the identity, attributes, and entitlements of a SOAP message. We can apply policy sets to JAX-WS applications to use SAML assertions in web services messages and in web services usage scenarios. Use SAML assertions to represent user identity and user security attributes, and optionally, to sign and to encrypt SOAP message elements.
- Authenticating web services using generic security token login modules
We can use the generic security token login modules to issue, validate, and exchange security tokens using an external Security Token Service (STS).
Related information:
- End-to-end paths for web services
- End-to-end paths for web services - Addressing (WS-Addressing)
- End-to-end paths for web services - Reliable messaging (WS-ReliableMessaging)
- End-to-end paths for web services - Policy (WS-Policy)
- End-to-end paths for web services - UDDI registry
- End-to-end paths for web services - Resource framework (WSRF)
- End-to-end paths for web services - RESTful services
- End-to-end paths for web services - Transaction support (WS-Transaction)
- End-to-end paths for web services - Transports