Web Services Security (WSS) encompasses a set of extensible standards to allow SOAP web services to define security constraints and requirements so that client applications can determine and understand them programmatically. It includes many of the WS-* standards, co-authored by several well known software vendors, plus standards from W3C and OASIS.

To define its WSS security requirements for MashZone NextGen, a web service must provide this information:

Web service clients must include SOAP headers in requests to provide the required encryption, tokens, certificates, digests or other artifacts needed to comply with the policies for the web service. MashZone NextGen can automatically generate the WSS SOAP headers needed for WSDL web services that explicitly define security policies.

To support the very broad set of features and the extensible nature of WSS, MashZone NextGen uses an extensible architecture with built-in support for some simple, common security policies. See Built-in WSS Support for Policies and Policy Attachments, Built-in WSS Support for Policy Assertions and Tokens and Built-in WSS Support for Certificates and Encryption for specific information on the WSS features that MashZone NextGen supports 'out of the box.'

MashZone NextGen can also be extended to support additional policy profiles or security standards. Please contact your Software AG representative for more information on WSS extensions.

MashZone NextGen also supports authentication for WSDL web services that do not use WSS policies using HTTP basic authentication, Windows NT Domains or SSL with digital certificates. See WSDL Web Services for links to more information.