Web Services Security concepts
The Web Services Security specification defines core facilities for protecting the integrity and confidentiality of a message, and provides mechanisms for associating security-related claims with a message.
Subtopics
- Web Services Security concepts
The Web Services Security specification defines core facilities for protecting the integrity and confidentiality of a message, and provides mechanisms for associating security-related claims with a message.
- Overview of standards and programming models for web services message-level security
Web Services Security standards and profiles describe how to provide security and protection for SOAP messages that are exchanged in a web services environment.
- SAML concepts
SAML is an XML-based, OASIS standard for exchanging user identity and security attributes information. In a typical SAML usage scenario, you authenticate to a security domain and request an identity provider to issue SAML assertions.
- Generic security token login modules
The generic security token login modules are JAAS login modules. These login modules issue, validate, and exchange security tokens using an external Security Token Service (STS).
- Generic security token login module for the token generator
When a web service request is made, the application server calls the generic security login module for the token generator as part of the Web Service Security authentication process.
- Generic security token login module for the token consumer
When a web service message is received, the application server calls the generic security token login module for the token consumer as part of the Web Services Security authentication process.
- Web Services Security concepts for Version 5.x applications
IBM supports Web Services Security, which is an extension of the IBM web services engine, to provide a quality of service. The WAS security infrastructure fully integrates Web Services Security with the Java™ Platform, Enterprise Edition (Java EE) security specification.