About Securing Web Service Providers and Consumers
WS-Security is structured around a request-response message exchange model between a web service consumer and a web service provider. As shown in the following figure, the message exchange is initiated by a web service consumer requesting a service from a web service provider, who processes the request and sends a response to the consumer.
Step | Description |
1 | The web service consumer constructs an outbound request and sends it to a web service provider. |
2 | The provider receives the inbound request. |
3 | The provider constructs an outbound response and sends it back to the consumer. |
4 | The consumer receives the inbound response from the provider. |
When
Web Service Type | Outbound Message | Inbound Message |
Consumer | Sends request ![*](chapterTOC_bullet.png) Include UsernameToken ![*](chapterTOC_bullet.png) Use digital signature ![*](chapterTOC_bullet.png) Timestamp message | Receives response ![*](chapterTOC_bullet.png) Decrypt messages |
Provider | Sends response ![*](chapterTOC_bullet.png) Encrypt messages | Receives request ![*](chapterTOC_bullet.png) Authenticate the UsernameToken ![*](chapterTOC_bullet.png) Verify signature ![*](chapterTOC_bullet.png) Enforce message expiration |