Web services security for WebSphere Application Server - Express Version 5.0.2 and above is based on standards included in the Web services security specification 
(http://www.ibm.com/developerworks/library/ws-secure/). Web services security is a message-level standard, based on securing Simple Object Access Protocol (SOAP) messages through XML digital signature, confidentiality through XML encryption and credential propagation through security tokens.
The specification proposes a standard set of Simple Object Access Protocol (SOAP) extensions that you can use to build secure Web services. These standards confirm integrity and confidentiality, which are generally provided with digital signature and encryption technologies. In addition, Web services security provides a general purpose mechanism for associating security tokens with messages. A typical example of the security token is a user name and password token, in which a user name and password are included as text. Web services security defines how to encode binary security tokens such as X.509 certificates and Kerberos tickets.
Note: If you are using Apache SOAP 2.3 (deprecated), see Secure SOAP services for information about configuring Web services security.
For an explanation of Web services security and for instructions on how to configure WebSphere Application Server - Express, see the following topics:
Overview of Web services security
See this topic for information about how WebSphere Application Server - Express implements Web services security, including the architecture, scenarios, and sample configurations.Configure Web services authentication
See this topic for instructions for configuring authentcation for Web services.Configure Web services for digital signing
You can configure your Web services to digitally sign portions of a SOAP message. See this topic for more information.Configure Web services encryption and decryption
WebSphere Application Server - Express supports the encryption and description of SOAP messages. See this topic for more information.Configure client-side SSL for Web services
This topic describes how to configure SSL for Web services clients.