Integration Server 10.3 | Web Services Developer’s Guide | Securing Web Services (WS-Security) | WS-Security and the Message Direction | About Securing Web Service Providers and Consumers
 
About Securing Web Service Providers and Consumers
WS-Security is structured around a request-response message exchange model between a web service consumer and a web service provider. As shown in the following figure, the message exchange is initiated by a web service consumer requesting a service from a web service provider, who processes the request and sends a response to the consumer.
Step
Description
1
The web service consumer constructs an outbound request and sends it to a web service provider.
2
The provider receives the inbound request.
3
The provider constructs an outbound response and sends it back to the consumer.
4
The consumer receives the inbound response from the provider.
When
Web Service Type
Outbound Message
Inbound Message
Consumer
Sends request
*Include UsernameToken
*Use digital signature
*Timestamp message
Receives response
*Decrypt messages
Provider
Sends response
*Encrypt messages
Receives request
*Authenticate the UsernameToken
*Verify signature
*Enforce message expiration