WS-Security
Transport level protocols such as HTTPS provides a level of security at the transport layer of the OSI Model. The WS-Security standard comprises a number of standards and headers that provide a level of security for your services that goes beyond the security provided by the transport layer. These standards and headers define mechanisms for:
- Including authentication tokens
- Including nonce
- Encrypting messages
- Signing messages
- Adding timestamps to messages
At the time of this writing, additional information about the WS-Security standard could be found at:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf
P6 EPPM Web Services
Using UsernameToken Profile, P6 EPPM Web Services allows you to secure messages with an authentication token, nonce and timestamp. P6 EPPM Web Services supports UsernameToken Profile with nonce\timestamp or without nonce\timestamp. P6 EPPM Web Services also supports SAML assertions, message encryption, digital signatures and message timestamp.
WS-Security support in P6 EPPM Web Services is implemented using Oracle Security Developer Tools (OSDT). If your application requires WS-Security features, OSDT jar files can be used in conjunction with P6 EPPM Web Services. The source code for the P6 EPPM Web Services demo project provides examples of how to use OSDT with P6 EPPM Web Services.
Last Published Thursday, May 2, 2024