
Secure Web services for V5.x applications using XML digital signature


XML digital signature is one of the methods WAS provides to secure Web services. It provides message integrity and authentication capabilities when used with SOAP messages.

There is an important distinction between V5.x applications and V6.0.x and later applications. The information in this article supports only V5.x applications that are used with WAS V6.0.x and later; it does not apply to V6.0.x and later applications. WAS provides several different methods to secure Web services; XML digital signature is one of these methods. We can secure Web services by using any of the following methods:

XML digital signature provides both message integrity and authentication capabilities when it is used with SOAP messages. A message receiver can verify that attackers or accidents have not altered parts of the message after the message was signed by a key. If a message has a digital certificate issued by a CA and a signature in the message is validated successfully by a public key in the certificate, it is proof that the signer has the corresponding private key. To use XML digital signature to secure Web services...

 

  1. Define the security constraints or extensions. To configure the security constraints, use an assembly tool.

    See the related information on Assembly Tools.

    1. Set the client to digitally sign a message request.

      To configure the client, complete the following steps to specify which parts of the SOAP message to digitally sign and define the method used to digitally sign the message. The client in these steps is the request sender.

      1. Specify the message parts by following the steps found in Set the client for request signing: digitally signing message parts.

      2. Select the method used to digitally sign the request message. We can select the digital signature method by following the steps in Set the client for request signing: choosing the digital signature method.

    2. Set the server to verify the digital signature used in the message request. To configure the server, specify which parts of the SOAP message, sent by the request sender, contain digitally signed information and which method was used to digitally sign the message. The settings chosen for the request receiver, or the server in this step, must match the settings chosen for the request sender in the previous step.

      1. Define the message parts by following the steps found in Set the server for request digital signature verification: Verifying the message parts.

      2. Select the same method used by the request sender to digitally sign the message. We can select the digital signature method by following the steps in Set the server for request digital signature verification: choosing the verification method.

    3. Set the server to digitally sign a message response.

      To configure the server, complete the following steps to specify which parts of the SOAP message to digitally sign and define the method used to digitally sign the message. The sender in these steps is the response sender.

      1. Specify which message parts to digitally sign by following the steps found in Set the server for response signing: digitally signing message parts.

      2. Select the method used to digitally sign the response message. We can select the digital signature method by following the steps in Set the server for response signing: choosing the digital signature method.

    4. Set the client to verify the digital signature used in the message response. To configure the client, specify which parts of the SOAP message sent by the response sender contain digitally signed information and which method was used to digitally sign the message. The settings chosen for the response receiver, or client in this step, must match the settings chosen for the response sender in the previous step.

      1. Define the message parts by following the steps found in Set the client for response digital signature verification: verifying the message parts.

      2. Select the same method used by the response sender to digitally sign the message. We can select the digital signature method by following the steps in Set the client for response digital signature verification: choosing the verification method.

  2. Define the client security bindings. To configure the client security bindings, complete the steps in either of the following topics:

  3. Define the server security bindings. To configure the server security bindings, complete the steps in either of the following topics:

 

Results

After completing these steps, we have secured the Web services using XML digital signature.


Set nonce using WS-Security tokens
Default binding
ws-security.xml file - Default configuration for WAS ND
Trust anchors
Set trust anchors using an assembly tool
Set trust anchors
Collection certificate store
Set the client-side collection certificate store using an assembly tool
Set the client-side collection certificate store
Set the server-side collection certificate store using an assembly tool
Set the server-side collection certificate store
Set default collection certificate stores at the server level in the WAS admin console
Set default collection certificate stores at the cell level in the WAS admin console
Key locator
Keys
WS-Security service provider programming interfaces
Set key locators using an assembly tool
Set key locators
Set server and cell level key locators
Trusted ID evaluator
Login mappings
Set the client for request signing: digitally signing message parts
Set the client for request signing: choosing the digital signature method
Set the server for request digital signature verification: Verifying the message parts
Set the server for request digital signature verification: choosing the verification method
Set the server for response signing: digitally signing message parts
Set the server for response signing: choosing the digital signature method
Set the client for response digital signature verification: verifying the message parts
Set the client for response digital signature verification: choosing the verification method
Set the client security bindings using an assembly tool
Set the security bindings on a server acting as a client
Set the server security bindings using an assembly tool
Set the server security bindings

 

Related concepts


Overview of token types
Assembly tools

 

Related tasks


Secure Web services for V5.x applications based on WS-Security