WAS v8.5 > Secure applications > Secure web services > Secure web services > Web Services Security concepts > Web Services Security concepts > Web Services Security provides message integrity, confidentiality, and authentication

XML token

XML tokens are offered in two well-known formats called SAML and eXtensible rights Markup Language (XrML).

In WebSphere Application Server Versions 6 and later, we can plug in our own implementation. By using extensibility of the <wsse:Security> header in XML-based security tokens, we can directly insert these security tokens into the header. SAML assertions are attached to Web Services Security messages using web services by placing assertion elements inside the <wsse:Security> header. The following example illustrates a Web Services Security message with a SAML assertion token.

<S:Envelope xmlns:S="..."> <S:Header>       <wsse:Security xmlns:wsse="...">           <saml:Assertion
                    MajorVersion="1" 
                    MinorVersion="0"
                    AssertionID="SecurityToken-ef375268"
                       Issuer="elliotw1" 
                       IssueInstant="2002-07-23T11:32:05.6228146-07:00"
                     xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">                      ...
           </saml:Assertion>       </wsse:Security>  </S:Header>  <S:Body>  ...
 </S:Body> </S:Envelope>

For a complete list of the supported standards and specifications, read about web services specifications and APIs.


Related concepts:

What is new for securing web services
Web services


Reference:

Web services specifications and APIs


+

Search Tips   |   Advanced Search