Secure SOAP services

Originally, the SOAP specification left security issues open; thus, several proposals evolved to bridge the security gaps. The SOAP security extension, included with WAS, is a security architecture based on the SOAP security specification, and widely accepted security technologies such as Secure Sockets Layer (SSL).

See these subtopics for more information about securing Web services that you publish using the SOAP protocol:

HTTP authentication
This topic discusses how to use secure SOAP service with basic HTTP authentication, SSL authentication, and with SOAP signatures.

SOAP signature components
This topic discusses the Envelope Editor, the Signature Header Handler, and the Verification Handler, which are used to implement security in SOAP enabled applications.

Run the SOAP security samples
In addition to the regular SOAP samples, WAS provides security enabled SOAP samples. See this page for instructions on how to install and run these samples.

SOAP security files reference
This page provides a reference listing of the files related to implementing SOAP security using the Secure Sockets Layer (SSL) protocol.