Determining Security Requirements
Before implementing WSRP, you first need to determine the level of security that you require. If you are consuming remote portlets, the level that you select must be the same as the producer's. If you are producing portlets, consider whether you need to secure only the transmission channel or both the transmission channel and the messages. You should also consider how security will affect the performance of your servers.
Including the No Security option, six types of token security options are available for WS-Security (set in the server-config.wsdd file):
Important! The security option used by the producer must be an exact match to the security option used by the consumer.
None: No security token is required.
Username Token: The Username token is in clear text format.
Important! If you require a secure channel between the producer and consumer, the HTTPS protocol must be used.
Authentication Token as Username Token with full security: Username token is encrypted and messages are digitally signed.
Note: For this option, either the HTTP or HTTPS protocol can be used to communicate between the producer and consumer.
Username token with no password and digital signature:
Authentication Token as SAML Token: The SAML token messages are digitally signed.
Note: SAML token messages are digitally signed by default.
Authentication Token as SAML Token with full security: The SAML token is encrypted and messages are digitally signed.
In addition, PeopleSoft features a WSRP WSS Enabled Response option. When specified in an outbound consumer request, the producer response must include a WSS header.
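The following added example (not PeopleSoft code) shows how a captured SOAP message could be checked against the configured option, flagging both a producer/consumer mismatch and a clear-text Username Token sent without HTTPS. It assumes the standard OASIS WS-Security 1.0, XML Signature, XML Encryption and SAML 1.x namespaces; the option labels, the audit function and the sample message are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/", "wsse": WSSE,
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "xenc": "http://www.w3.org/2001/04/xmlenc#",
      "saml": "urn:oasis:names:tc:SAML:1.0:assertion"}  # assumption: SAML 1.x

def classify(envelope_xml):
    """Name the security option a SOAP envelope's wsse:Security header resembles."""
    sec = ET.fromstring(envelope_xml).find("soap:Header/wsse:Security", NS)
    if sec is None:
        return "none"
    signed = sec.find("ds:Signature", NS) is not None
    if sec.find(".//xenc:EncryptedData", NS) is not None:
        # An encrypted token hides its type: Username and SAML "full security" look alike.
        return "full-security" if signed else "encrypted-unsigned"
    if sec.find("saml:Assertion", NS) is not None:
        return "saml-signed" if signed else "saml-unsigned"
    user = sec.find("wsse:UsernameToken", NS)
    if user is None:
        return "unknown"
    if user.find("wsse:Password", NS) is None and signed:
        return "username-nopassword-signed"
    return "username-cleartext"

def audit(envelope_xml, endpoint_url, expected):
    """Return findings for one captured message against the configured option."""
    seen, out = classify(envelope_xml), []
    if seen != expected:
        out.append(f"option mismatch: expected {expected}, saw {seen}")
    if seen == "username-cleartext" and urlsplit(endpoint_url).scheme != "https":
        out.append("clear-text Username Token sent without HTTPS")
    return out

# Constructed sample message (not from PeopleSoft): clear-text Username Token.
SAMPLE = f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{WSSE}">
  <soap:Header><wsse:Security><wsse:UsernameToken>
    <wsse:Username>demo_user</wsse:Username>
    <wsse:Password>demo_pw</wsse:Password>
  </wsse:UsernameToken></wsse:Security></soap:Header>
  <soap:Body/>
</soap:Envelope>"""

if __name__ == "__main__":
    for url in ("http://producer.example/wsrp", "https://producer.example/wsrp"):
        print(url, audit(SAMPLE, url, "username-cleartext"))
```

When parsing messages from an untrusted source, use a hardened XML parser rather than the standard-library one used here on constructed input.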