| Category | Description |
| --- | --- |
| Signature Options | A signature is a means of authenticating a message so that the recipient is certain of the sender's identity and the integrity of the message content. Signing a message involves encrypting a message digest with the sender's private key. To verify a signed message, the recipient uses the public key corresponding to the sender's private key.<br><br>The signature attributes that the WS-Security facility supports include the following:<br>- Allow a signature with an expired certificate<br>- Require the SOAP message body to be signed<br>- Authenticate the message with the signing certificate<br><br>The WS-Security facility does not support the following signature options:<br>- Selecting the algorithm to use in creating the message digest<br>- Selective or multiple signing of an outbound message |
| Encryption Options | The WS-Security implementation encrypts SOAP message bodies using the recipient's public key.<br><br>The encryption options that the WS-Security facility supports include the following:<br>- Select an encryption algorithm<br>- Select a key wrapping algorithm<br>- Require the SOAP body of inbound messages to be encrypted<br><br>The WS-Security facility does not support the following encryption options:<br>- The C14N canonicalization algorithm<br>- Selective or multiple encryption of an outbound message<br>- Encrypting outbound messages with a password |
| Security Timestamps | The WS-Security facility allows you to use a Timestamp element that specifies the message expiration time, as well as the precision of the time measurement. This element offers protection against replay attacks, since inbound messages arriving after the expiration time can be invalidated. |
| Username and X.509 Certificate Tokens | The WS-Security facility allows you to use either of two WS-Security standard authentication token categories for authenticating a web service:<br>- **Username.** The web services consumer supplies a UsernameToken block to identify the requestor by "username" and a password (text) to authenticate the identity to a web services producer. Generally, you should use a Timestamp element specifying message expiration with the UsernameToken.<br>- **X.509 Certificate Authentication.** A binary token type that represents either a single certificate or a certificate path in X.509 certificate format. |
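The replay protection the Security Timestamps row describes, as an added example that is not part of the original page or of any vendor's WS-Security implementation: a receiver-side check of the `wsu:Timestamp` element (Created/Expires) against the local clock. It goes slightly beyond the page by also bounding the validity window and by rejecting a second delivery of the same still-valid timestamp; the SOAP envelope, the skew and TTL limits, and the assumption that the signature covering the Timestamp has already been verified are constructed for this example.

```python
from datetime import datetime, timedelta
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

# Constructed sample envelope: a five-minute Timestamp inside the wsse:Security header.
SAMPLE = f"""<soap:Envelope xmlns:soap="{SOAP_NS}">
  <soap:Header>
    <wsse:Security xmlns:wsse="{WSSE_NS}" xmlns:wsu="{WSU_NS}">
      <wsu:Timestamp wsu:Id="TS-1">
        <wsu:Created>2024-05-01T12:00:00.250Z</wsu:Created>
        <wsu:Expires>2024-05-01T12:05:00Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </soap:Header>
  <soap:Body/>
</soap:Envelope>"""


def parse_utc(text):
    """Parse an xsd:dateTime in UTC; fractional seconds (the element's precision) are kept."""
    return datetime.fromisoformat(text.strip().replace("Z", "+00:00"))


def check_timestamp(envelope_xml, now, seen=None,
                    max_skew=timedelta(seconds=60), max_ttl=timedelta(minutes=5)):
    """Return (accepted, reason). Assumes the Timestamp was covered by an already-verified signature."""
    root = ET.fromstring(envelope_xml)
    ts = root.find(f".//{{{WSSE_NS}}}Security/{{{WSU_NS}}}Timestamp")
    if ts is None:
        return False, "missing Timestamp"
    created_el, expires_el = ts.find(f"{{{WSU_NS}}}Created"), ts.find(f"{{{WSU_NS}}}Expires")
    if created_el is None or expires_el is None:
        return False, "Timestamp lacks Created/Expires"
    created, expires = parse_utc(created_el.text), parse_utc(expires_el.text)
    if expires <= created:
        return False, "Expires not after Created"
    if expires - created > max_ttl:                 # refuse sender-chosen overlong windows
        return False, "validity window too long"
    if created > now + max_skew:                    # clock skew tolerance, not a free pass
        return False, "Created is in the future"
    if now >= expires:                              # the check the page describes
        return False, "message expired"
    if seen is not None:                            # duplicate delivery inside the window
        key = (ts.get(f"{{{WSU_NS}}}Id"), created_el.text.strip())
        if key in seen:
            return False, "replayed"
        seen.add(key)
    return True, "fresh"
```

Entries in `seen` only need to be kept until their Expires time has passed, since anything older is already rejected as expired.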