Skip to Main Content
Return to Navigation

Understanding WS-Security

By implementing the WS-Security standard, PeopleSoft provides the ability to leverage emerging XML security technologies to address web services security requirements. WS-Security provides:

By providing WS-Security capabilities, you can leverage the standard set of SOAP extensions, that you use when building secure web services, to implement message content integrity and confidentiality. WS-Security provides a way to insert and convey security tokens in SOAP messages. The ability to leverage WS-Security standards provides for better interoperability and improved usability, enabling the implementation of robust security within a WSRP-capable environment. The solutions being provided through the PeopleSoft WS-Security implementation include:

The WS-Security Username Token Profile defines a standard way to associate user ID and password information in the SOAP messaging for web services interoperability.

The Security Assertion Markup Language (SAML) token uses assertions to define a standard way to associate common information such as issuer ID, NotBefore and NotOnOrAfter conditions, assertion ID, subject, and so on.

The OASIS WS-Security specification is the open standard for web services security. Its goal is to let applications secure SOAP message exchanges by providing encryption, integrity, and authentication support. It provides authentication support for SOAP messaging. WS-Security offers these general-purpose mechanisms for associating security tokens with message content:

Note: PeopleSoft provides multiple levels of security for WSRP. These levels, or options, are discussed in the following topic. PeopleSoft recommends that you determine the level that is appropriate for your needs before implementing WS-Security. Using ssl/tls connections to secure transmissions may be sufficient.

Image: WS-Security SOAP Message Structure

This figure shows how WS-Security inserts and conveys security tokens in SOAP messages.

WS-Security SOAP Message Structure