Integration Server 10.3 | Web Services Developer’s Guide | Securing Web Services Using WS-SecurityPolicy | About Implementing WS-SecurityPolicy
 
About Implementing WS-SecurityPolicy
 
Security Options You Can Achieve with WS-SecurityPolicy
Starting with Integration Server 8.2, you can implement WS-Security using standard WS-SecurityPolicy. Using WS-SecurityPolicy for securing web services is an alternative to using the Integration Server WS-Security facility.
Integration Server supports a subset of the security assertions described in WS-SecurityPolicy 1.2, as well as WS-SecurityPolicy 1.1. For a description of the WS-SecurityPolicy assertions that Integration Server supports, see WS-SecurityPolicy Assertions Reference.
Integration Server supports attaching WS-Policies at the binding operation message type level, such as input, output, and fault, in consumer and provider web service descriptors. To attach a WS-Policy to a web service descriptor, the Pre-8.2 compatibility mode property of the web service descriptor must be set to false.
The WS-Policies that you can attach to web service descriptors must reside in WS-Policy files. Integration Server provides pre-defined WS-Policies with settings for a number of standard security configurations. For a description of the out-of-the-box WS-Policies, see Policies Based on WS-SecurityPolicy that Integration Server Provides.
You can use the out-of -the-box policies as is, or use them as templates for creating custom WS-Policies. For more information about defining your own policies, see WS-Policy Files and Guidelines for Creating WS-Policy Files. When defining your own WS-Policies, be sure to only include supported policy assertions. If you use a WS-Policy that contains unsupported policy assertions, unexpected behavior might occur.