NonStop SOAP 4.1 User's Manual
14 WS–Security in NonStop SOAP 4
WS-Security provides a platform to secure your services beyond transport-level protocols, such as
HTTPS. HTTPS performs a secure message transfer from one endpoint to another. However, in the
real world, the message is transferred over multiple domains and you must preserve the identity,
integrity, and security of the message across multiple trusted domains or points. WS-Security
provides an end-to-end solution for Web service security.
WS-Security allows you to perform the following:
• Pass authentication tokens between services
• Encrypt messages or part of messages
• Sign messages
• Timestamp messages
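As an added illustration (not code from this manual or from Rampart), the following Python function shows where these four features appear in a received SOAP message and reports which of them are present. The sample message, the function name `security_properties`, and the result keys are constructed for this example; it checks presence and freshness only and does not verify signatures.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed sample message (not from the manual); the signature is a stub.
SAMPLE = f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{NS['wsse']}"
    xmlns:wsu="{NS['wsu']}" xmlns:ds="{NS['ds']}">
  <soap:Header><wsse:Security>
    <wsu:Timestamp><wsu:Created>2024-01-01T12:00:00Z</wsu:Created>
      <wsu:Expires>2024-01-01T12:05:00Z</wsu:Expires></wsu:Timestamp>
    <wsse:UsernameToken><wsse:Username>alice</wsse:Username></wsse:UsernameToken>
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#body-1"/></ds:SignedInfo></ds:Signature>
  </wsse:Security></soap:Header>
  <soap:Body wsu:Id="body-1"><echo>hello</echo></soap:Body>
</soap:Envelope>"""

def _utc(text):
    return datetime.strptime(text.strip(), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def security_properties(envelope_xml, now):
    """Report which WS-Security features a message carries. Presence only:
    cryptographic verification stays with the WS-Security stack."""
    # For untrusted input, parse with a hardened XML parser instead.
    root = ET.fromstring(envelope_xml)
    sec = root.find("soap:Header/wsse:Security", NS)
    body = root.find("soap:Body", NS)
    props = {"token": False, "encrypted": False, "signs_body": False, "fresh": False}
    if sec is None or body is None:
        return props
    props["token"] = (sec.find("wsse:UsernameToken", NS) is not None
                      or sec.find("wsse:BinarySecurityToken", NS) is not None)
    props["encrypted"] = body.find("xenc:EncryptedData", NS) is not None
    # A signature only protects the Body if one of its references points at it.
    refs = {r.get("URI") for r in sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)}
    body_id = body.get(WSU_ID)
    props["signs_body"] = body_id is not None and "#" + body_id in refs
    created = sec.findtext("wsu:Timestamp/wsu:Created", namespaces=NS)
    expires = sec.findtext("wsu:Timestamp/wsu:Expires", namespaces=NS)
    if created and expires:
        props["fresh"] = _utc(created) <= now < _utc(expires)
    return props
```

A message can contain a signature element that does not reference the Body, which is why the function reports `signs_body` rather than just the presence of `ds:Signature`.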
NonStop SOAP 4 uses the Axis2c Rampart module to implement WS-Security. WS-Security can be
activated by using WS-SecurityPolicy 1.1. WS-SecurityPolicy 1.1 provides a set of standards for
validating the security properties of a received message.
You can configure the client with the help of algorithms that are supported in WS-SecurityPolicy.
You cannot secure the NonStop SOAP service with a non-WS-SecurityPolicy approach.
The Axis2c Rampart module provides an implementation of the primary security standards for Web
Services, such as the OASIS Web Services Security specification from the OASIS Web Services
Security TC.
The Rampart module provides an implementation of the following WS-Security standards:
• SOAP Message Security V1.0 (http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf)
• Username Token Profile V1.0 (http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf)
• X.509 Certificate Token Profile V1.0 (http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf)
This chapter includes the following topics:
• “Overview of Encryption and Signing”
• “Supported WS–Security Features”
• “Securing a NonStop SOAP 4 Service”
• “Rampart Specific Assertions”
• “Publishing the Security Requirements”
• “Configuring the Client to Invoke a Secured Web Service”
• “Extensible Modules”
• “Sample Programs”
• “Recommendations”
Overview of Encryption and Signing
WS-Security uses public and private key cryptography. Public key cryptography uses a pair of
keys: a public key and a private key. Although different, the two parts of the key pair are
mathematically linked. The keys are generated by using a large prime number and a key function.