Before you begin
Prior to completing this task, you must import your application into an assembly tool. For information on how to import your application, see Importing enterprise applications.
Why and when to perform this task
Client | Server |
---|---|
1. Request generator extensions | 2. Request consumer extensions |
3. Request generator bindings | 4. Request consumer bindings |
5. Response consumer extensions | 6. Request generator extensions |
7. Response consumer bindings | 8. Response generator bindings |
In Web services security for WebSphere Application Server Version 6, integrity refers to digital signature and confidentiality refers to encryption. Integrity decreases the risk of data modification when data is transmitted across a network. Confidentiality reduces the risk of someone intercepting the message as it moves across a network. With confidentiality, the message is encrypted before it is sent and decrypted when it is received by its target server. This article provides the steps needed to secure your Web services using either integrity or confidentiality.
In the generator bindings, you can specify which message parts to sign (integrity) or encrypt (confidentiality) and what method is used. In the consumer bindings, you specify when the message parts are signed or encrypted. After you verify the digital signature or encryption in the consumer, the consumer verifies that the specified message parts are actually signed or encrypted. If the digital signature or encryption is required and the message is not signed or encrypted, the message is rejected by the consumer.
There are two different methods to specify what needs to be signed (integrity) or encrypted (confidentiality). You can use either keywords or an XPath expression to configure message parts, a nonce, or a time stamp. When you use keywords, you can specify only certain elements within a message. With an XPath expression, you can specify any part of the message.
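The consumer-side check described above, sketched as an added example (not WebSphere code or configuration): required parts are named by keyword or by path, and the message is rejected when any of them falls outside the signature's references. The keyword names, the `app` namespace and the sample message are assumptions made for the example, and signature values are not cryptographically verified here, only coverage is checked.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "app": "urn:example:orders",  # constructed application namespace
}
WSU_ID = "{%s}Id" % NS["wsu"]
# Keyword form: a fixed vocabulary, each name bound to one well-known element.
# These keyword names are assumptions for the example.
KEYWORDS = {"body": "soap:Body",
            "timestamp": "soap:Header/wsse:Security/wsu:Timestamp"}
SIG_REFS = "soap:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference"

# Constructed sample: the signature references the body but not the time stamp.
SAMPLE = """<soap:Envelope %s>
 <soap:Header><wsse:Security>
  <wsu:Timestamp wsu:Id="ts-1"><wsu:Created>2024-01-01T00:00:00Z</wsu:Created></wsu:Timestamp>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#body-1"/></ds:SignedInfo></ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="body-1"><app:order><app:amount>10</app:amount></app:order></soap:Body>
</soap:Envelope>""" % " ".join('xmlns:%s="%s"' % kv for kv in NS.items())

def unsigned_required_parts(xml_text, required):
    """Required parts (keyword or ElementTree path) that are absent or unsigned."""
    envelope = ET.fromstring(xml_text)  # use a hardened parser for untrusted input
    covered = {r.get("URI", "")[1:] for r in envelope.findall(SIG_REFS, NS)
               if r.get("URI", "").startswith("#")}
    parents = {child: parent for parent in envelope.iter() for child in parent}

    def is_covered(elem):
        # A part is covered when it, or an ancestor that contains it, is referenced.
        while elem is not None:
            if elem.get(WSU_ID) in covered:
                return True
            elem = parents.get(elem)
        return False

    failures = []
    for part in required:
        # Resolve the part at the location the application reads it from.
        found = envelope.findall(KEYWORDS.get(part, part), NS)
        if not found or not all(is_covered(e) for e in found):
            failures.append(part)
    return failures

def accept(xml_text, required):
    return not unsigned_required_parts(xml_text, required)
```

A path entry such as `soap:Body/app:order/app:amount` shows what the XPath form adds over keywords: it can require a signature over one element inside the body rather than only over a named, fixed part.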
Steps for this task (dependent on configuration)
Also, the token consumer article provides the steps that are needed to optionally configure a trust anchor.
Result
By completing the previous steps, you have configured your application for either digital signature (integrity) or encryption (confidentiality).
Related concepts
Nonce, a randomly generated token