Security for SOAP web services
With the support provided by CICS® Transaction Server for z/OS®, you can either secure your SOAP messages with transport security (used for either SOAP or JSON messages) or SOAP message security (for SOAP messages only). For information about the architecture of SOAP web services, see CICS and SOAP web services.
Transport-based security
Transport-based security relies on technologies that are available as part of the TCP/IP and HTTP protocols. For example, TLS and HTTP basic authentication can be used to secure CICS web services. For information on TCP/IP and HTTP security options, see Security for TCP/IP clients and Security for CICS web support.
SOAP message security
For more information about SOAP message security, see How it works: SOAP message security .
You can use a combination of transport-based security and SOAP message security to secure CICS web services. To decide which type, or which combination of capabilities, is best for you, see Designing security for CICS web service providers and Designing security for CICS web service requesters.