Integration Server 10.7 | Web Services Developer’s Guide | Securing Web Services Using WS-SecurityPolicy | Policies Based on WS-SecurityPolicy that Integration Server Provides | Username_Over_Transport
 
Username_Over_Transport
The Username_Over_Transport policy uses a Username token to provide client authentication with Transport binding and includes a Timestamp token to guard against replay attacks. The entire message is secured by the HTTPS transport protocol. This policy does not enforce signatures or encryption.
When the policy is attached to:
Message type
To enforce the policy, Integration Server...
Consumer web service descriptor
outbound request
*Adds a Username token to the security header. Integration Server uses the user name provided on the endpoint alias or the one passed into the connector. For more information, see Web Service Consumer: Request (Outbound Security) Detailed Usage and Resolution Order.
*Adds a Timestamp token to the security header. Integration Server determines the timestamp expiration date to specify using the WS Security Properties of the endpoint alias or by using watt.server.ws.security server configuration parameters. For more information, see webMethods Integration Server Administrator’s Guide.
inbound response
*Requires a signed Timestamp token, which Integration Server validates to ensure against replay attacks.
Provider web service descriptor
inbound request
*Requires a Username token in the security header. Integration Server authenticates the sender of the inbound request messages using the user name supplied in Username token.
*Requires a signed Timestamp token in the security header, which Integration Server validates to ensure against replay attacks.
outbound response
Adds a Timestamp token to the security header. Integration Server determines the timestamp expiration date to specify using the WS Security Properties of the endpoint alias or by using watt.server.ws.security server configuration parameters. For more information, see webMethods Integration Server Administrator’s Guide.