Integration Server 10.3 | Web Services Developer’s Guide | Securing Web Services (WS-Security) | How You Can Secure SOAP Messages with WS-Security
 
How You Can Secure SOAP Messages with WS-Security
The following table lists the principal categories of security options that Integration Server supports via WS-Security.
Security Option
Description
Signature
A signature is a means of authenticating a message so that the recipient is certain of the sender’s identity and the integrity of the message content. Signing a message involves encrypting a message digest with the sender’s private key. To verify a signed message, the recipient uses the public key corresponding to the sender’s private key.
Encryption
Encryption is a means of ensuring only the intended message recipient can read the message. The sender encrypts the message using the recipient’s public key. The recipient can then decrypt the message using its private key.
Security timestamps
Use a timestamp to specify the message expiration time, as well as the precision of the time measurement. This provides protection against replay attacks because inbound messages arriving after the expiration time can be invalidated.
Authentication tokens
You can use the following standard WS-Security authentication tokens for authenticating a web service client:
*Username tokens. The web services consumer identifies the requestor by specifying a user name and a password (text) to authenticate the identity to a web services producer.
*X509 Certificate Authentication. A binary token type that represents either a single certificate or certificate path in X.509 certificate format.
*SAML tokens. An XML standard that facilitates secure interchange of authentication and authorization information. SAML security tokens contain assertions about user and are attached to messages using WS-Security by placing assertion elements inside the header.
Note:
You can only use SAML tokens when using WS-SecurityPolicy. The Integration Server WS-Security facility does not support SAML tokens.