Integration Server 10.3 | Web Services Developer’s Guide | Securing Web Services Using the WS-Security Facility | About the Integration Server WS-Security Facility | Supported Types of Message Authentication
 
Supported Types of Message Authentication
Integration Server’s WS-Security facility lets you implement policies for several standard message-based authentication scenarios:
*Username/password. You can include a UsernameToken in the header of an outbound message containing the user name and password credentials. The token is authenticated by the message recipient if it is found on inbound messages.
*X.509 Signature Authentication. Allows the use of a private key from an X.509 standard certificate to sign a document, thus authenticating the identity of the sender to the receiver. The recipient verifies the signed messages through the matching public key.
*Proprietary X.509 authentication. You can include an X.509 certificate or a reference to an X.509 certificate as an authentication token in the message header, without any signing or encryption. This combination of settings supports non-standard X.509 configurations.
Because no signing or encryption is used, you may need to provide additional transport-level security such as SSL to secure the endpoints of the connection.
In addition to these standard categories of authentication, the flexibility afforded by the XML policy elements allows for a high degree of customizing. You can assemble and implement many combinations of authentication options to protect your web service, as long as the web service supports the particular option.