The Integration Server WS-Security facility is a message-based security implementation in which authentication information is contained in a SOAP message header that is delivered along with the message payload. The facility implements a subset of the WS-Security protection mechanisms described in the WS-Security, version 1.0 standards, such as message signing and encryption, security timestamps, and use of Username and X.509 certificate tokens.

By encapsulating security policy definitions in an XML file, the facility allows you to define different security policies and select any policy for use with one or more Integration Server-based web services configured for WS-Security.

The WS-Security facility and the ability to associate WS-Security handlers to a web service descriptors is for web service descriptors that run in pre-8.2 compatibility mode only.