WebSphere® Telecom Web Services Server uses the standard WebSphere
Application Server Network Deployment authorization mechanisms and
also supports the use of the Trust Association Interceptor.
Additional authorization capabilities are provided using Service
Policy Manager, which is policy based.
Security features
Telecom Web Services Server provides the following features:
- The ability to provide granular authorization down to
the level of the invoked operation. Authorization for execution of
a particular operation is driven by policy information and is a simple
filter indicating whether or not a given invocation is allowed to
execute. Authorization policy can be defined at different levels in
the policy hierarchy: per-requester, per-service, and per-operation.
This hierarchy is resolved by the Service Policy Manager during
policy retrieval, returning the most specific authorization value.
If the requester is not authorized to invoke a particular
service or operation, the request is rejected. This requirement is
met by the Service Authorization mediation primitive. For additional
information on Service Authorization mediation primitives, see the
topic Service Authorization.
- A means of persisting all transaction information and
message contents for integrity purposes. This data should be stored
within a relational database for external access. This information
can be fed into security tools or reconciled later for other accounting
purposes.
- Support for the Trust Association Interceptor security
component. This is the recommended security mechanism for Telecom Web Services Server.
- Support for integration with external security systems, such as
network monitoring and operations systems.
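
The most-specific-wins resolution described in the first feature above can be modelled as follows. This is an added example, not Service Policy Manager code or its API: the policy store layout, the requester, service and operation names, and the reject-when-no-policy-is-defined default are assumptions made for illustration.

```python
from typing import NamedTuple

# Constructed policy store (hypothetical requester, service and operation names).
# Key: (requester, service, operation); None means "not scoped at this level".
POLICIES = {
    ("partnerA", None, None): True,               # per-requester: allow
    ("partnerA", "SMS", None): True,              # per-service: allow
    ("partnerA", "SMS", "sendBulk"): False,       # per-operation: deny
    ("partnerB", "Location", "getLocation"): True,
}


class Decision(NamedTuple):
    allowed: bool
    level: str  # level of the hierarchy that supplied the value


def resolve(policies, requester, service, operation) -> Decision:
    """Walk from most to least specific and return the first value defined."""
    candidates = (
        ("per-operation", (requester, service, operation)),
        ("per-service", (requester, service, None)),
        ("per-requester", (requester, None, None)),
    )
    for level, key in candidates:
        if key in policies:
            return Decision(bool(policies[key]), level)
    # Assumption of this example: no policy at any level means reject.
    return Decision(False, "none")


if __name__ == "__main__":
    requests = [
        ("partnerA", "SMS", "sendMessage"),       # falls back to per-service
        ("partnerA", "SMS", "sendBulk"),          # operation deny beats broader allow
        ("partnerA", "Location", "getLocation"),  # falls back to per-requester
        ("partnerB", "SMS", "sendMessage"),       # nothing defined: rejected
    ]
    for req, svc, op in requests:
        print(req, svc, op, resolve(POLICIES, req, svc, op))
```

Recording the matched level alongside each decision makes the persisted transaction data easier to reconcile, because a reviewer can see which policy scope allowed or rejected a call.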