Web Services Security specification concepts
The Web Services Security specification defines core facilities
for protecting the integrity and confidentiality of a message, and
provides mechanisms for associating security-related claims with a
message.
What is new for securing web services
In WebSphere® Application Server , there are many security enhancements for web services. The enhancements include supporting sections of the Web Services Security (WS-Security) specifications and providing architectural support for plugging in and extending the capabilities of security tokens.
Web Services Security configuration considerations
To secure web services for WebSphere Application Server, you must specify several different configurations. Although there is not a specific sequence in which you must specify these different configurations, some configurations reference other configurations.
Default bindings and runtime properties for Web Services Security
Use this page to configure the settings for nonce on the server level and to manage the default bindings for the signing information, encryption information, key information, token generators, token consumers, key locators, collection certificate store, trust anchors, trusted ID evaluators, algorithm mappings, and login mappings.
Web Services Security provides message integrity, confidentiality, and authentication
OASIS Web Services Security (WS-Security) is a flexible standard that is used to secure web services at the message level within multiple security models. You can secure SOAP messages through XML digital signature, confidentiality through XML encryption, and credential propagation through security tokens.