![Close [x]](http://dw1.s81c.com/i/c.gif){kind=small}
This article describes how to use IBM® WebSphere® Application Server Version 6 and IBM Rational® Application Developer to sign and encrypt any element in a SOAP message using an XPATH expression and the Web Services Security 1.0 standard.
Learn how to use IBM WebSphere Application Server Version 6.0 and IBM Rational Application Developer to sign and encrypt any element in a SOAP message using the Web Services Security 1.0 standard (WS-Security). WS-Security is designed to be flexible and extensible. However, that flexibility and extensibility is a double-edged sword: it enables security for many message-level scenarios, but adds significant complexity to the development process. WebSphere Application Server provides a simple keyword-based mechanism to specify which SOAP message elements are to be signed and encrypted. Keywords are defined to support the majority of common usage scenarios for standard message elements. However, SOAP messages frequently contain non-standard application-defined elements that must also be protected. This article describes how you can use an XPATH expression with WebSphere Application Server to sign and encrypt any element in a SOAP message. The article is intended for Web services application developers who need to secure their SOAP messages using message-level security.
| Description | Name | Size | Download method |
|---|---|---|---|
| Article in PDF format | 0605_chung.pdf | 2.3MB | FTP |HTTP |
| Readme file for samples | readme.txt | 1KB | FTP|HTTP |
| Sample files, EAR file, genkey command file | samples.zip | 78KB | FTP|HTTP |
Information about download methods Get Adobe® Reader®
Learn
-
Browse for books on these and other technical topics.
-
developerWorks WebSphere Web Services zone: Get technical resources and downloads for IBM WebSphere Web services.
-
developerWorks SOA and Web services zone: Get technical resources and downloads for IBM SOA and Web services.
-
Web Services Security with WebSphere Application Server V6, Part 1: Introduction to Security Architectures:
This developerWorks article introduces various Application Server Version 6 Web services security architectures, and describes the pros and cons of each.
-
Web Services Security with WebSphere Application Server V6, Part 2: UserNameToken and SSL: This article describes how
to secure a resource using a user name and a password.
-
Web Services Security Specification
-
Redbook: WebSphere Version 6 Web Services Handbook Development and Deployment
-
WebSphere Version 6 Information Center
-
XPATH specification
-
XML-Signature Syntax and Processing
-
XML Encryption Syntax and Processing
-
XML signature element wrapping attacks and countermeasure
-
Redbook: Rational Application Developer V6 Programming Guide
-
Build Secure Web Services Using Rational Application Developer: This developerWorks tutorial shows you how to authenticate using a user ID and password, ensure integrity using digital signatures, and ensure confidentiality using encryption.
Get products and technologies
-
Build your next development project with IBM trial software, available for download directly from developerWorks.
Discuss
-
Participate in developerWorks blogs and get involved in the developerWorks community.
Henry Chung is an architect and lead developer of Web services security on the WebSphere platform. Henry has been in middleware development for over 5 years and has developed many security features for the WebSphere platform. Henry&s current focus is leading the development of the latest WebSphere Web services security specifications. He also helps customers and other IBM teams apply Web services security solutions. His primary goal is to enable WebSphere Web services security support to meet real-world needs. You can contact Henry at hychung@us.ibm.com.
Michael McIntosh is a Senior Software Engineer working on Web services security in the Security and Privacy Department at the Thomas J. Watson Research Center in Hawthorne, New York. Michael represents IBM in the WS-I Basic Security Profile Working Group as Lead Editor, and in the OASIS Web Services Security and Web Services Secure Exchange Technical Committees. You can contact Michael at mikemci@us.ibm.com.
Paula Austel is a Senior Software Engineer in the Java and Web Service Security Group at the IBM Thomas J. Watson Research Center. She has participated in the following standards groups: OASIS Web Services Security Technical Committee, OASIS Security Services Technical Committee, and WS-I Basic Security Profile Working Group. You can reach Paula at pka@us.ibm.com.
Masayoshi Teraguchi received his M.E. in Information and Computer Sciences from Osaka University, Japan, in 2000. He joined the IBM Tokyo Research Laboratory in 2000. His research interests include Multimedia annotation, XML, Web services, and Web services security. You can reach Masayoshi at teraguti@jp.ibm.com.
