Understanding WS-Security

By implementing the WS-Security standard, PeopleSoft provides the ability to leverage emerging XML security technologies to address web services security requirements. WS-Security provides:

  • A way for applications to construct secure SOAP message exchanges.

  • A general-purpose mechanism for associating security tokens with SOAP messages.

  • XML message integrity and confidentiality.

With WS-Security capabilities, you can use the standard set of SOAP extensions for building secure web services to implement message content integrity and confidentiality. WS-Security provides a way to insert and convey security tokens in SOAP messages. Support for WS-Security standards improves interoperability and usability and enables robust security within a WSRP-capable environment. The PeopleSoft WS-Security implementation provides the following solutions:

  • Enable web service security between WSRP consumer and producer.

    The web services consumer passes the appropriate identification to a producer as part of the SOAP message, so that the producer can verify the identity and execute the requested web services on behalf of the user without requiring the user to log in. Single signon between the web services consumer and producer is currently supported in PeopleSoft WSRP Portal and PeopleSoft Integration Broker.

  • SOAP message integrity. Ensuring that messages have not been tampered with.

  • SOAP message confidentiality. Guaranteeing that messages are protected against eavesdroppers.

The WS-Security Username Token Profile defines a standard way to associate user ID and password information with SOAP messages for web services interoperability.

The Security Assertion Markup Language (SAML) token uses assertions to define a standard way to associate common information such as issuer ID, NotBefore and NotOnOrAfter conditions, assertion ID, subject, and so on.

The OASIS WS-Security specification is the open standard for web services security. Its goal is to let applications secure SOAP message exchanges by providing encryption, integrity, and authentication support. WS-Security offers these general-purpose mechanisms for associating security tokens with message content:

  • Username token.

  • SAML token.
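The following added example (not PeopleSoft code) shows where the two token types sit in a SOAP message and reads the SAML fields named above, including the NotBefore and NotOnOrAfter window. The function name `describe_tokens`, the sample envelope and all its values are constructed for illustration, and the SAML 1.x attribute layout (AssertionID and Issuer as attributes) is an assumption.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",  # assumption: SAML 1.x assertion
}

# Constructed sample: a SOAP 1.1 envelope carrying one SAML token (all values invented).
SAMPLE = f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{NS['wsse']}"
    xmlns:saml="{NS['saml']}"><soap:Header><wsse:Security>
  <saml:Assertion AssertionID="_example-id" Issuer="example-consumer">
    <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z"/>
    <saml:AuthenticationStatement><saml:Subject>
      <saml:NameIdentifier>EXAMPLEUSER</saml:NameIdentifier>
    </saml:Subject></saml:AuthenticationStatement>
  </saml:Assertion>
</wsse:Security></soap:Header><soap:Body/></soap:Envelope>"""

def _ts(value):  # SAML instants are UTC, e.g. 2024-01-01T12:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def describe_tokens(envelope_xml, now):
    """List the tokens in soap:Header/wsse:Security. Structure only: no signature
    or password verification, so this is not an authentication decision."""
    # For untrusted input, use a hardened parser such as defusedxml.
    security = ET.fromstring(envelope_xml).find("soap:Header/wsse:Security", NS)
    if security is None:
        return []
    tokens = []
    for ut in security.findall("wsse:UsernameToken", NS):
        pw = ut.find("wsse:Password", NS)
        ptype = pw.get("Type", "") if pw is not None else ""
        tokens.append({"type": "UsernameToken",
                       "user": ut.findtext("wsse:Username", namespaces=NS),
                       # Type URI ends in #PasswordText or #PasswordDigest
                       "password_type": ptype.rpartition("#")[2] or None})
    for a in security.findall("saml:Assertion", NS):
        cond = a.find("saml:Conditions", NS)
        nb = cond.get("NotBefore") if cond is not None else None
        noa = cond.get("NotOnOrAfter") if cond is not None else None
        tokens.append({"type": "SAML", "assertion_id": a.get("AssertionID"),
                       "issuer": a.get("Issuer"),
                       "subject": a.findtext(".//saml:NameIdentifier", namespaces=NS),
                       # Valid when NotBefore <= now < NotOnOrAfter; missing bound = invalid
                       "in_window": bool(nb and noa) and _ts(nb) <= now < _ts(noa)})
    return tokens
```

A receiver that accepts an assertion on the strength of its validity window alone has verified nothing about who issued it; the window check only has meaning after the assertion's signature has been validated.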

Note: PeopleSoft provides multiple levels of security for WSRP. These levels, or options, are discussed in the following topic. PeopleSoft recommends that you determine the level that is appropriate for your needs before implementing WS-Security. Using SSL/TLS connections to secure transmissions may be sufficient.

Image: WS-Security SOAP Message Structure

This figure shows how WS-Security inserts and conveys security tokens in SOAP messages.