Understanding WS-SecurityThis chapter contains an overview of WS-Security and discusses how to:
Implementing WS-Security for WSRP.
Implementing WS-Security for PeopleSoft Integration Broker.
Understanding WS-SecurityBy implementing the WS-Security standard, PeopleSoft provides the ability to leverage emerging XML security technologies to address web services security requirements. WS-Security provides:
A way for applications to construct secure SOAP message exchanges.
A general-purpose mechanism for associating security tokens with SOAP messages.
XML message integrity and confidentiality.
By providing WS-Security capabilities, you can leverage the standard set of SOAP extensions, that you use when building secure web services, to implement message content integrity and confidentiality. WS-Security provides a way to insert and convey security tokens in SOAP messages. The ability to leverage WS-Security standards provides for better interoperability and improved usability, enabling the implementation of robust security within a WSRP-capable environment. The solutions being provided through the PeopleSoft WS-Security implementation include:
Enable web service security between WSRP consumer and producer.
The web services consumer passes the appropriate identification to a producer as part of the SOAP message, so that producer can verify the identity in order to execute requested web services on behalf of the user without requiring a user to log in. Integration between web services consumer and producer feature is currently supported in PeopleSoft WSRP Portal, PeopleSoft Integration Broker, and BPEL product.
SOAP message integrity. Ensuring that messages have not been tampered with
SOAP message confidentiality. Guaranteeing that messages are protected against eavesdroppers.
The WS-Security Username Token Profile defines a standard way to associate user ID and password information in the SOAP messaging for web services interoperability.
The Security Assertion Markup Language (SAML) token uses assertions to define a standard way to associate common information such as issuer ID, NotBefore and NotOnOrAfter conditions, assertion ID, subject, and so on.
The OASIS WS-Security specification is the open standard for web services security. Its goal is to let applications secure SOAP message exchanges by providing encryption, integrity, and authentication support. It provides authentication support for SOAP messaging. WS-Security offers these general-purpose mechanisms for associating security tokens with message content:
Username token.
SAML token.
Note. PeopleSoft provides multiple levels of security for WSRP. These levels, or options, are discussed in the following chapter. PeopleSoft recommends that you determine the level that is appropriate for your needs before implementing WS-Security. Using ssl/tls connections to secure transmissions may be sufficient.
This figure shows how WS-Security inserts and conveys security tokens in SOAP messages:
WS-Security SOAP Message Structure
Implementing WS-Security for WSRPIf using the web services for remote portals technology, you implement WS-Security.
See Configuring WS-Security For WSRP Consumption and Production.
Implementing WS-Security for PeopleSoft Integration BrokerIf using PeopleSoft Integration Broker, you configure WS-Security to ensure secure transmissions.
See Setting Up Secure Integration Environments.