WAS v8.5 > Administer applications and their environment > Administer web services - Policy (WS-Policy) > Use WS-Policy to exchange policies in a standard format

Configure security for a WS-MetadataExchange request

We can configure message-level security for a Web Services Metadata Exchange (WS-MetadataExchange) GetMetadata request by specifying a suitable policy set and binding. You do this when we configure a web service provider to share its policies or a web service client to obtain the policies of a service provider.

For a service provider, we have completed the procedure to configure a service provider to share its policy configuration, up to and including the step to enable WS-MetadataExchange.

For a service client, we have completed the procedure to configure the client policy to use a service provider policy, up to and including the step to use WS-MetadataExchange.

By default, the WS-MetadataExchange GetMetadata request uses the transport-level security configuration of the application. You might want to apply message-level security if transport-level security is not available on the application endpoint, or if transport-level security is not adequate for the requirements. An advantage of message-level security is that it provides end-to-end security, which is especially important for the exchange of security metadata.

We can configure security for a WS-MetadataExchange request using the dmgr console. We can also configure security for a WS-MetadataExchange request using wsadmin commands.

  1. For a service provider, in the Policy Sharing panel on the dmgr console, select Attach a system policy set to the WS-MetadataExchange. For a service client, in the Policies Applied panel on the dmgr console, select Attach a system policy set to the WS-MetadataExchange.

  2. Select a system policy set to provide message-level security from the Policy set list. We can select from system policy sets containing only WS-Security policies, only WS-Addressing policies, or both. The default policy set is SystemWSSecurityDefault. If the policy sets listed are not suitable for the requirements, create our own system policy set, then return to this procedure.

  3. Select a general binding for the policy set attachment from the Binding list. We can select from general bindings scoped to the global domain, or the security domain of this service. If the bindings listed are not suitable for the requirements, create our own general binding, then return to this procedure.

  4. Click OK.

  5. Save your changes to the master configuration.


Results

Message-level security is applied to the WS-MetadataExchange GetMetadata request.


Related concepts:

WS-MetadataExchange requests
System policy sets


Related


Configure a service provider to share its policy configuration
Configure the client policy to use a service provider policy
Configure system policy sets
Define and managing service client or provider bindings


Reference:

WS-Policy commands for AdminTask


+

Search Tips   |   Advanced Search