To use the WS-Security facility you create policy files. A policy file is equivalent to a complete XML Header component of a web service descriptor. When configuring the WS-Security facility, you map a policy file to a web service descriptor file. Each time a message is sent or received by the web service, the authentication, signing, and encryption settings specified in the SOAP header are enabled.

Security options that you can specify depend the message direction, that is, either inbound or outbound. You specify the message direction using XML components in the policy file. Rules for inbound messages are specified within an <InboundSecurity> section, and rules for outbound messages are specified within an <OutboundSecurity> section. Security elements specifying username/password, signing, encryption, and all other properties, are contained within these sections. For more information and XML code examples specifying message direction, see InboundSecurity and OutboundSecurity Elements.

For a complete listing and description of the XML components and attributes that you can use in an Integration Server WS-Security facility policy file, see WS-Security Facility Policy Reference. A description of the authentication settings for a typical policy file is shown in Sample Policy File.

A number of pre-defined WS-Security facility policy files supplied with Integration Server are located in the Software AG_directory \IntegrationServer\instances\instance_name\config\policy directory. These policy files contain the settings for a number of standard security configurations. You can use these file out of the box, or as templates for creating custom policy files. For more information, see Policy Files Supplied with the WS-Security Facility.