Security considerations for Web services


When you configure WS-Security, make every effort to verify that the result is not vulnerable to a wide range of attack mechanisms. Several security concerns can arise when you secure Web services.

In WAS, enabling integrity, confidentiality, and the associated tokens within a SOAP message does not guarantee security. This list of security concerns is not complete. You must conduct your own security analysis for your environment.

Securing Web services involves more work than just enabling XML digital signature and XML encryption. To properly secure a Web service, you need knowledge of public key infrastructure (PKI). The amount of security that you need depends upon the deployed environment and the usage patterns. However, there are some basic rules and best practices for securing Web services. IBM recommends that you read some books on PKI and also read information on the Web Services Interoperability Organization (WS-I) Basic Security Profile (BSP).



Subtopics


Nonce, a randomly generated token
Basic Security Profile compliance tips
Distributed nonce cache

 

Related concepts


WS-Security provides message integrity, confidentiality, and authentication

 

Related tasks


Secure Web services applications using message level security

 

Related information


Basic Security Profile V1.0