Service integration technologies and WS-Security
In a WS-Security scenario, the message flows are as shown in the following figure:
The client generates a request that is handled by the client web services engine. This engine reads the client security configuration and applies the security that is defined in the ibm-webservicesclient-ext.xmi file to the SOAP message. The engine gets additional binding information from the ibm-webservicesclient-bnd.xmi file (for example, the location of a keystore on the file system).
On receipt of a SOAP message, the web services engine on the server refers to the *.xmi files for the called web service. In this case, the ibm-webservices-ext.xmi file tells the engine what security the incoming message must have (for example, that the body of the message must be signed). If the message does not comply, it is rejected. The web services engine verifies any security information, then passes the message on to the web service that is called.
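The "body must be signed" requirement described above can be illustrated as a structural check on an incoming SOAP message. This is an added example, not IBM code and not how the WebSphere engine is implemented; the function name and the sample messages are constructed, and the check only confirms that a signature reference covers the envelope's own body, without verifying the signature cryptographically.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
REF_PATH = "soap:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference"


def body_is_signed(soap_xml):
    """Return True only if a ds:Reference in the wsse:Security header points
    at the single soap:Body that is a direct child of the envelope."""
    root = ET.fromstring(soap_xml)
    if root.tag != "{%s}Envelope" % NS["soap"]:
        return False
    bodies = root.findall("soap:Body", NS)  # direct children only
    if len(bodies) != 1:
        return False
    body_id = bodies[0].get(WSU_ID)
    if not body_id:
        return False
    # A duplicated Id makes the reference ambiguous, so treat it as non-compliant.
    if sum(1 for el in root.iter() if el.get(WSU_ID) == body_id) != 1:
        return False
    return any(r.get("URI") == "#" + body_id for r in root.findall(REF_PATH, NS))


# Constructed sample messages: signature skeleton only, no real digest or key.
_ENVELOPE = """<soap:Envelope xmlns:soap="{soap}" xmlns:wsse="{wsse}"
    xmlns:wsu="{wsu}" xmlns:ds="{ds}">
  <soap:Header>{header}</soap:Header>
  <soap:Body wsu:Id="body-1"><getQuote/></soap:Body>
</soap:Envelope>"""


def security_header(uri):
    return ('<wsse:Security><ds:Signature><ds:SignedInfo><ds:Reference URI="%s"/>'
            '</ds:SignedInfo></ds:Signature></wsse:Security>' % uri)


def sample(header=""):
    return _ENVELOPE.format(header=header, **NS)


if __name__ == "__main__":
    for name, hdr in [("signed", security_header("#body-1")), ("unsigned", ""),
                      ("wrong reference", security_header("#other"))]:
        print(name, "->", "accept" if body_is_signed(sample(hdr)) else "reject")
```
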
On the response from server to client, the process is reversed. The web service *.xmi files tell the web services engine what security to apply to the response message, and the client *.xmi files tell the client engine what security to require in the response message.
If you apply this scenario to inbound and outbound services, the message flows are as shown in the following figure:
- The client application and the target web service have the security settings in their *.xmi files. You get this information from the owning parties.
- The inbound service and outbound service have the security settings that you configure for them.
- WS-Security configurations
- WS-Security bindings
"The body must be signed"), and the bindings resource type provides the information that the run-time environment needs to implement the configuration (for example, "To sign the body, use this key").
- A binding for use when consuming requests from a client to an inbound service.
- A binding for use when generating requests from an outbound service to a target web service.
- A binding for use when consuming responses from a target web service to an outbound service.
- A binding for use when generating responses from an inbound service to a client.