Programming Security for Web Services

Introduction and Roadmap

Scope

Documentation Audience

Prerequisites for this Document

Guide to this Document

Related Information

Introduction to the Web Services Security Service Module

Overview of Web Services

Product Overview

Web Services Environment

Web Services SSM

Client Trust Model

Deployment Model

Usage Model

Product Features

Optimizing Web Services Performance with Caches

Using the Web Services Client Authorization Cache

Installing the Web Services Authorization Cache

Client Configuration File

Third Party Dependencies

Authorization Cache Operation

Configuring the Client Authorization Cache

Config

CacheManager

Using the Web Services SSM Identity Cache

Using Failover with a Web Services Client

Configuring a Web Services Client for Failover

Client Configuration File

FailOverManager API

getInstance()

getInstance(ArrayList failOverEndPoints,int noOfRetries, int httpConTimeOut)

setEndPointList (ArrayList endpoints)

getEndPointList()

Web Services Interfaces

Registry Service Interface

How the Registry Service Works

Registry Service Methods

Methods Common to All Web Services Interfaces

Authentication Service Interface

Authentication Process

Authentication Service Methods

authenticate() Method

assertIdentity() Method

isAssertionTokenSupported() Method

validateIdentity() Method

Authorization Service Interface

Authorization Process

Authorization Service Methods

isAccessAllowed()

isAuthenticationRequired() Method

Auditing Service Interface

Auditing Process

Auditing Service Method

Role Mapping Service Interface

Role Mapping Process

Role Mapping Service Method

Credential Mapping Service Interface

Credential Mapping Process

Credential Mapping Method

XACML Interfaces

Overview

Use Case

Sample XACML Client

XACML Context

Authentication Token Types

SOAP Binding of XACML Context

XACML Request

OES XACML Response

WSDL Definition of the XACML Service