Integration Server 10.7 | Web Services Developer’s Guide | Securing Web Services (WS-Security) | WS-Security in Integration Server
 
WS-Security in Integration Server
Integration Server provides message-based security for SOAP messages using WS-Security. In contrast to transport-based authentication frameworks such as HTTPS, which secure the endpoints of a connection against threats, WS-Security secures the message transmission environment between endpoints. Using both transport-based and message-based security provides more complete end-to-end protection for data passing across public networks.
Integration Server provides two methods for using WS-Security.
*Using WS-SecurityPolicy.
Starting with Integration Server version 8.2, you can attach standard WS-SecurityPolicy policies to a web service descriptor. To use this method, the web service must not be running in pre-8.2 compatibility mode (i.e., the web service descriptor Pre-8.2 compatibility mode property must be set to false). For more information, see Securing Web Services Using WS-SecurityPolicy.
*Using the Integration Server WS-Security facility.
Integration Server versions prior to 8.2 provided WS-Security support using the WS-Security facility. You can still use the WS-Security facility provided that the web service is configured to run in pre-8.2 compatibility mode (i.e., the web service descriptor Pre-8.2 compatibility mode property is set to true). For more information, see Securing Web Services Using the WS-Security Facility.
Note:
The WS-Security facility is deprecated as of Integration Server 10.4 because the web services implementation with which the WS-Security facility is used is deprecated. Specifically, the web services implementation introduced in Integration Server version 7.1 is deprecated.