WS-Security, Policy Sets and Bindings in IBM APP Connect

What is WS-Security?

• Web service security is the mechanism to provide protection to SOAP messages by enhancing them to achieve message integrity, message confidentiality, and Authentication.
• Any SOAP message transmitting from Client to Server or Server to client can be protected using WS-Security.
• This is a message level protection
• Ws-Security supports multiple token formats for authentication
  • Username Token
  • X509 Token
  • SAML Assertions
  • Kerberos Tickets
  • LTPA binary Tokens

Ws-Security Mechanisms –

Web service security provides three mechanisms for message-level protection. They are

1. Authentication
2. Confidentiality
3. Integrity

Authentication –

• Recognizing a user’s identity is called Authentication. It is so that only authorized users can access the web service
• Ws-security can implement Authentication using Authentication tokens

The above figure Shows Signature token added to soap messages for authentication

Confidentiality –

• Confidentiality means only authorized individuals can view the sensitive data
• The data being sent over the network should not be accessed by unauthorized individuals
• Ws-security can implement Confidentiality using Encryption tokens.

The above figure shows Confidentiality is achieved by encrypting the soap messages and adding them to the Cipher value field when transmission.

 

Integrity –

• Integrity means the data is protected from unauthorized changes during transmission to ensure that it is reliable and correct.
• Ws-security can implement Integrity using Digital Signature tokens.

The above figure Shows Digital Signature added to soap messages for Integrity checking

What is a Policy Set and Policy Set Binding?

• Policy sets are used to implement Ws- security for SOAP messages in IBM Integration Bus/IBM App Connect.
• A policy set is a Container for Ws –Security.
• A policy Binding defines how a policy set will be used and contains the information the policy set will use during runtime like key information etc.
• When an integration node is created, default policy sets and bindings are created called WS10 Default. These contain only limited security configuration and they are not editable

Roles in Message Exchange?

Initiator – The role sending the Initial message in the message exchange

Recipient – The target Role is to process the initial message in the message exchange