ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzatz_5.4.0.1/51/webserv/wssecresprec.htm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">

<title>Response receiver</title>
</head>

<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>

<h6><a name="wssecresprec"></a>Response receiver</h6>

<p>The response receiver defines the security requirements of the response
received from a request to a Web service. The security constraints for response
sender must match the security requirements of the response receiver. If the
constraints do not match, the response is not accepted by the caller or the
sender. The security handler enforces the security constraints based on the
security requirements defined in the IBM extension deployment descriptor,
located in the <tt>ibm-webservicesclient-ext.xmi</tt> file and in the bindings,
located in the <tt>ibm-webservicessclient-bnd.xmi</tt> file.</p>

<p>For example, the security requirement might have the response Simple Object
Access Protocol (SOAP) body encrypted. If the SOAP body of the SOAP message
is not encrypted, the response is rejected and the appropriate fault code
is communicated back to the caller of the Web services.</p>

<p>You can specify the following security requirements for a response receiver:</p>
<dl>
<dt><strong>Required integrity (digital signature)</strong></dt>
<dd>You can select which parts of a message are digitally signed. The following
list contains the integrity options:
<ul>
<li>Body</li>
<li>Time stamp</li>
</ul>
</dd>
<dt><strong>Required confidentiality (encryption)</strong></dt>
<dd>You can encrypt the body content of the message.</dd><dt><strong>Received time stamp</strong></dt>
<dd>You can have a time stamp for checking the timeliness of the message.</dd>
</dl>
</p>
</body>
</html>