WAS v8.5 > Secure applications > Secure web services > Secure web services > Administer Web Services Security > Administer message-level security for JAX-WS web services > Secure requests to the trust service using system policy sets > Enable secure conversation
Flow for establishing a security context token to secure reliable messaging
This example scenario includes functions required for the composite scenario of Web Services Reliable Messaging (WS-ReliableMessaging), WS-SecureConversation, and WS-Trust. The scenario describes how to use WS-SecureConversation with WS-ReliableMessaging, the scenario is described from the WS-SecureConversation perspective.
The flow of this Web Services Reliable Messaging (WS-ReliableMessaging) scenario is very similar to the flow of the WS-SecureConversation scenario, and the exchange of the application messages is very similar to the Secure Conversation scenarios. The main difference in the two example scenarios is the WS-ReliableMessaging sequence is secured with the security context token and scopes the WS-ReliableMessaging sequence to the security context token.
The following figure describes a summary of the message flows required to establish a security context token to secure reliable messaging.
Figure 1. Messages exchange for the SCT and reliable messaging
Scenario
The WS-ReliableMessaging sequence is secured with the security context token and is scoping the WS-ReliableMessaging sequence to the security context token. This scenario focuses on the message exchanges that are using the security context token in the overall flow.
The exact detail of how WS-ReliableMessaging is validating the WS-ReliableMessaging sequence, with respect to the security context token scoping, is not described.
Typically, to use secure conversation and a security context token to secure reliable messaging, the following steps are involved;
- The WS-ReliableMessaging
run time calls APIs from the Web Services Security run time to get the UUID of the security context token for the session and also the API for serializing and deserializing the security context token for managed persistent for reliable recovery.
Because of the security nature of the security context token, the WS-ReliableMessaging protocol makes sure the serialized security context token in persistent store is protected.
- If there is already a security context token established the UUID
of the existing security context token is returned to WS-ReliableMessaging.
If there is no security context token already established, the Web Services Security run time initiates a call to the recipient to establish the security context token.
The latter case is similar to the Secure Conversation scenario.
- After the WS-ReliableMessaging
run time acquires the UUID of the security context token, the WS-ReliableMessaging run time scopes the CreateSequence message to the security context token using the SecurityTokenReference (STR) argument in the CreateSequence message and responds with the CreateSequenceResponse message.
The exchange of the application messages is very similar to the WS-SecureConversation scenario.
- The WS-ReliableMessaging run time responds with the CreateSequenceResponse
message.
The exchange of the messages is very similar to the exchange in the WS-SecureConversation scenario.
- The WS-ReliableMessaging run time sends a SequenceAcknowledgement message to acknowledge the message is properly delivered and secured by the security context token.
- Finally, the WS-ReliableMessaging run time sends a TerminateSequence message to terminate the sequence and is secured by the security context token.
Related concepts:
Flow for establishing a security context token to secure conversations
Security context token
Interoperation with other WS-ReliableMessaging providers: use pattern
Related
Secure requests to the trust service using system policy sets
Configure WS-SecureConversation to work with WS-ReliableMessaging
WS-ReliableMessaging
Related information:
Web Services Secure Conversation
Language specification