+

Search Tips   |   Advanced Search

Web Services Security default policy sets

The Web Services Security default policy sets are based on the WS-Security 1.0 and Web Services Addressing (WS-Addressing) specifications. The Web Services Security default policy sets include the WSSecurity default policy set, the Lightweight Third-Party Authentication (LTPA) WSSecurity policy set, the Username WSSecurity policy set, and the Kerberos V5 HTTPS default policy set. These default policy sets are used to build secure web services.

The Web Services Security default policy sets use the WS-Security 1.0 specification enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. Providing quality of protection means to prevent the following potential threats to SOAP messages:

The WS-Addressing specification defines XML 1.0 and XML Namespaces elements to identify web services endpoints and to secure end-to-end endpoint identification in messages.

Use the WSSecurity default policy set, the LTPA WSSecurity policy set, the Username WSSecurity policy set, or the Kerberos V5 HTTPS default policy set as provided with the application server. To customize the other Web Services Security policy sets, we must first copy the policy set, and then configure custom policy settings and bindings to meet our needs.

Features and details of the default Web Services Security policy sets are as follows:

Kerberos V5 HTTPS default

This policy set provides message authentication with a Kerberos v5 token. Message integrity and confidentiality are provided by SSL transport security. This policy set follows the OASIS Kerberos Token Profile V1.1 and WS-Security specifications.

When we use this policy set, configure the basic authentication data and custom properties such as the com.ibm.wsspi.wssecurity.krbtoken.targetServiceName and com.ibm.wsspi.wssecurity.krbtoken.targetServiceHost custom properties in the client bindings. See Authentication generator or consumer token settings and Protection token settings (generator or consumer) topics.

LTPA WSSecurity default

This policy set provides:

  • Message integrity through digital signature (using RSA public-key cryptography) to sign the body, time stamp, and WS-Addressing headers using WS-Security specifications.
  • Message confidentiality through encryption (using RSA public-key cryptography) to encrypt the body, signature and signature elements using WS-Security specifications.
  • A LTPA token included in the request message to authenticate the client to the service.

Username SecureConversation

This policy set provides:

  • Message integrity through digital signature that includes signing the body, time stamp, and WS-Addressing headers using WS-SecureConversation and WS-Security specifications
  • Message confidentiality through encryption that includes encrypting the body, signature and signature confirmation elements, using WS-SecureConversation and WS-Security specifications
  • A username token included in the request message to authenticate the client to the service. The username token is encrypted in the request

Username WSSecurity default

This policy set provides:

  • Message integrity through digital signature (using RSA public-key cryptography) to sign the body, time stamp, and WS-Addressing headers using WS-Security specifications.
  • Message confidentiality through encryption (using RSA public-key cryptography) to encrypt the body, signature and signature elements using WS-Security specifications.
  • A username token included in the request message to authenticate the client to the service. The username token is encrypted in the request.

WSSecurity default

This policy set provides:

  • Message integrity through digital signature (using RSA public-key cryptography) to sign the body, time stamp, and WS-Addressing headers using WS-Security specifications.
  • Message confidentiality through encryption (using RSA public-key cryptography) to encrypt the body, signature and signature elements using WS-Security specifications.


Related:

  • Web services policy sets