Configure Web services security

Web services security for WebSphere Application Server - Express Version 5.1 is based on standards included in the Web services security specification (http://www.ibm.com/developerworks/library/ws-secure/). Web services security is a message-level standard that secures Simple Object Access Protocol (SOAP) messages: integrity through XML digital signature, confidentiality through XML encryption, and credential propagation through security tokens.

The specification proposes a standard set of SOAP extensions that you can use to build secure Web services. These standards provide integrity and confidentiality, which are generally implemented with digital signature and encryption technologies. In addition, Web services security provides a general-purpose mechanism for associating security tokens with messages. A typical example of a security token is a user name and password token, in which a user name and password are included as text. Web services security also defines how to encode binary security tokens such as X.509 certificates and Kerberos tickets.

For an explanation of Web services security and for instructions on how to configure WebSphere Application Server - Express, see the following topics:

Overview of Web services security
See this topic for information about how WebSphere Application Server - Express implements Web services security, including the architecture, scenarios, and sample configurations.

Configure Web services authentication
See this topic for instructions for configuring authentication for Web services.

Configure Web services for digital signing
You can configure your Web services to digitally sign portions of a SOAP message. See this topic for more information.

Configure XML encryption and decryption
WebSphere Application Server - Express supports the encryption and decryption of SOAP messages. See this topic for more information.

Configure HTTP basic authentication
WebSphere Application Server - Express provides an alternative to using WS-Security to secure Web services. You can configure your Web service to use HTTP basic authentication and SSL. See this topic for information.

Troubleshoot: Web services security
See this topic for information about troubleshooting security in Web services.