Requires a SAML token in the security header. Integration Server authenticates the sender of the inbound request messages using the client certificate from the SAML token.

Requires a signed Timestamp token in the security header, which Integration Server validates to ensure against replay attacks.

Requires that the SOAP body of the inbound request be signed and verifies the signature. For the resolution order that Integration Server uses to determine the certificate it uses for verification, see Web Service Provider: Request (Inbound Security) Detailed Usage and Resolution Order.

Adds a signed Timestamp token to the security header. Integration Server determines the timestamp expiration date to specify using the WS Security Properties of the endpoint alias or by using watt.server.ws.security server configuration parameters. For more information, see webMethods Integration Server Administrator’s Guide. Integration Server signs the Timestamp token using the its private key.

Signs the SOAP body of the outbound response message using its private key. For the resolution order that Integration Server uses to determine the private key it uses for signing, see Web Service Provider: Response (Outbound Security) Detailed Usage and Resolution Order.