Integration Server supports the WS-Security standard for use with web services. In contrast to transport-based authentication frameworks such as HTTPS and FTPS, which secure the endpoints of a connection against threats, WS-Security secures the message transmission environment between endpoints. Authentication information, which is included in the SOAP message header, can be saved in X.509 certificates, user name tokens or SAML tokens, and may include the actual certificates or references.

The focus of this chapter is on the use of transport-based security with Integration Server. However, when configuring an Integration Server web service for WS-Security, you specify its SSL, signing, and decryption keys with Integration Server Administrator the same as you would for setting up transport-based security (see Specifying the Integration Server SSL Authentication Credentials). If you intend to use WS-Security with your Integration Server-based web services, see webMethods Service Development Help and the Oasis Standards documentation for WS-Security.