Data integrity and privacy

Edit online
Draft comment:
This topic only applies to BAW, and is located in the BAW repository. Last updated on 2025-03-13 12:15
The privacy and integrity of data when IBM® Business Automation Workflow processes are invoked is critical to maintaining security.

Data privacy and data integrity are closely related concepts. For a more detailed discussion, refer to the WebSphere® Application Server Network Deployment documentation External link opens a new window or tab.

Privacy

Privacy means that an unauthorized user should not be able to intercept and read data.

Integrity

Integrity means that an unauthorized user should not be able to alter data.

Data integrity and privacy solutions provided in IBM Business Automation Workflow

IBM Business Automation Workflow supports two widely-used solutions for data privacy and integrity:
  • Secure Sockets Layer (SSL) protocol: SSL uses a handshake to authenticate the end points and exchange information used to generate the session key that will be used by the end points for encryption and decryption. SSL is a synchronous protocol and is suitable for point-to-point communication. SSL requires that the two end points maintain a connection with each other for the duration of the SSL session.
  • WS-Security: This standard defines Simple Object Access Control (SOAP) extensions for securing SOAP messages. WS-Security adds support for authentication, integrity, and privacy for a single SOAP message. Unlike SSL, there is no handshake to establish a session key. This makes WS-Security suitable for securing messages in an asynchronous environment, such as SOAP over Java™ Message Service (JMS) or SOAP over Service Integration Bus (SIB). WS-Security deployment descriptors can be set in your applications before deployment. See related information for more details.
In a business integration environment with multiple systems interacting with one another, it is likely that some of the communication will be asynchronous. Therefore, in most instances, WS-Security may be a more suitable solution. For more information about configuring WS-Security in your own applications, see:

Configuring a web services web client to use SSL

You can configure a web services client to invoke a web service using Secure Sockets Layer (SSL).

The details of how to configure your web services web client to use SSL are provided in the WebSphere Application Server Enabling SSL communication for web services access External link opens a new window or tab topic. A more general discussion of securing web services can be found in the Securing web services at the transport level External link opens a new window or tab topic.