WS-Security APIs


The WS-Security model provides APIs (WSS API) for securing the SOAP message. The WSS API model is based on WS-Security V1.1 standards but also includes support for WS-Security V1.0.

The WS-Security APIs (WSS APIs) can generate and process the following SOAP-related bindings for XML security:

The token processing and pluggable token architecture in the Web services security runtime has been redesigned to reuse the same Security Token interface and JAAS Login Module as those used for the WSS APIs.

The following table lists the WSS API interfaces that are provided with WAS and used to configure signing and encryption information in the SOAP bindings for the generator and consumer bindings.


Table 1. WSS API interfaces

WSS API interfaces | Description

WSSDecryption
Package: com.ibm.websphere.wssecurity.wssapi.decryption
This interface is responsible for specifying decryption. The default values for decryption include:

  • Targets: BODY_CONTENT, SIGNATURE
  • Data encryption method: AES128
  • Key encryption method: KW_RSA_OAEP
  • Security token: X.509

WSSDecryptPart
Package: com.ibm.websphere.wssecurity.wssapi.decryption
This interface is responsible for adding decrypted parts, as needed. If specified, the default values for decrypted parts include:

WSSEncryption
Package: com.ibm.websphere.wssecurity.wssapi.encryption
This interface is responsible for the encryption component. The default values for encryption include:

  • Targets: BODY_CONTENT, SIGNATURE
  • Data encryption method: AES128
  • Key encryption method: KW_RSA_OAEP
  • Security token: X.509
  • refType: SecurityToken.REF_KEYID
  • mtomOptimize: false

WSSEncryptPart
Package: com.ibm.websphere.wssecurity.wssapi.encryption
This interface is responsible for adding encrypted parts, as needed. If specified, the default values for encrypted parts include:

  • Transform method: N/A (not applicable)

WSSSignature
Package: com.ibm.websphere.wssecurity.wssapi.signature
This interface is responsible for specifying the signature. The default values for signature include:

  • Targets: BODY, ADDRESSING_HEADERS, TIMESTAMP
  • Signature method: RSA_SHA1
  • Canonicalization method: EXC_C14N
  • Security token: X.509
  • Type of token reference: SecurityToken.REF_STR

WSSSignPart
Package: com.ibm.websphere.wssecurity.wssapi.signature
This interface is responsible for adding signed parts, as needed. If specified, the default values for signed parts include:

  • Transform method: TRANSFORM_EXC_C14N
  • Digest method: SHA1

WSSVerification
Package: com.ibm.websphere.wssecurity.wssapi.verification
This interface is responsible for specifying the signature verification. The default values for verification include:

  • Targets: BODY, ADDRESSING_HEADERS, TIMESTAMP
  • Signature method: RSA_SHA1
  • Canonicalization method: EXC_C14N
  • Security token: X.509

WSSVerifyPart
Package: com.ibm.websphere.wssecurity.wssapi.verification
This interface is responsible for adding verify parts, as needed. If specified, the default values for verify parts include:

  • Digest method: SHA1
  • Transform method: TRANSFORM_EXC_C14N

Also see the information about pre-configured generator and consumer tokens.
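
The following is an added example, not code from IBM or from this documentation: a Python check that lists the algorithm identifiers a captured SOAP message declares, reports which of them match the WSS API defaults in Table 1, and marks SHA-1 based signature and digest algorithms. The mapping from the WSS API constant names to W3C algorithm URIs, the `audit` function and the sample message are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
EXC = "http://www.w3.org/2001/10/xml-exc-c14n#"

# role -> (parent element, child path, WSS API default name, W3C URI assumed for that name)
CHECKS = {
    "signature method": (f"{{{DS}}}SignedInfo", f"{{{DS}}}SignatureMethod", "RSA_SHA1", DS + "rsa-sha1"),
    "canonicalization": (f"{{{DS}}}SignedInfo", f"{{{DS}}}CanonicalizationMethod", "EXC_C14N", EXC),
    "part transform": (f"{{{DS}}}Reference", f"{{{DS}}}Transforms/{{{DS}}}Transform", "TRANSFORM_EXC_C14N", EXC),
    "part digest": (f"{{{DS}}}Reference", f"{{{DS}}}DigestMethod", "SHA1", DS + "sha1"),
    "key encryption": (f"{{{XENC}}}EncryptedKey", f"{{{XENC}}}EncryptionMethod", "KW_RSA_OAEP", XENC + "rsa-oaep-mgf1p"),
    "data encryption": (f"{{{XENC}}}EncryptedData", f"{{{XENC}}}EncryptionMethod", "AES128", XENC + "aes128-cbc"),
}
# Signature and digest identifiers that rely on SHA-1
SHA1_BASED = {DS + "rsa-sha1", DS + "sha1", DS + "hmac-sha1", DS + "dsa-sha1"}

# Constructed sample: algorithm declarations only, no key material, digests or cipher data
SAMPLE = f"""<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="{DS}" xmlns:x="{XENC}">
<e:Header><s:Security xmlns:s="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<x:EncryptedKey><x:EncryptionMethod Algorithm="{XENC}rsa-oaep-mgf1p"/></x:EncryptedKey>
<ds:Signature><ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="{EXC}"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#body"><ds:Transforms><ds:Transform Algorithm="{EXC}"/></ds:Transforms>
<ds:DigestMethod Algorithm="{DS}sha1"/></ds:Reference>
</ds:SignedInfo></ds:Signature></s:Security></e:Header>
<e:Body><x:EncryptedData><x:EncryptionMethod Algorithm="{XENC}aes128-cbc"/></x:EncryptedData></e:Body>
</e:Envelope>"""

def audit(soap_xml):
    """Return one finding per algorithm declaration found in the message."""
    root = ET.fromstring(soap_xml)  # use a hardened XML parser for untrusted input
    findings = []
    for role, (parent, child, name, default_uri) in CHECKS.items():
        for p in root.iter(parent):
            for el in p.findall(child):
                uri = el.get("Algorithm", "")
                findings.append({"role": role, "algorithm": uri,
                                 "wss_default": name if uri == default_uri else None,
                                 "sha1": uri in SHA1_BASED})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

In the sample, the sender overrode the signature method but left the signed-part digest at the SHA1 default, which is the kind of partial override this check surfaces.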



 

Related tasks


Set WS-Security using the WSS APIs