Integration Platform Technologies: Siebel eBusiness Application Integration Volume ll > Web Services > About the WS-Security UserName Token Profile Support >

About Support for the UserName Token Mechanism

The support for the UserName Token mechanism includes the following:

• Allows an inbound SOAP request to contain user credentials that can be provided to the inbound SOAP dispatcher to perform the necessary authentication.
• Allows an inbound SOAP dispatcher to perform the necessary authentication on an inbound SOAP request that contains user credentials.
• Allows an outbound SOAP request to contain user credentials that can be utilized by the external application.

Following is an example of passing the user name and password by way of a URL:

http://webserver/eai_enu/start.swe?SWEExtSource=WebService&SWEExtCmd=Execute&

Username=SADMIN&Password=SADMIN

With UserName tokens, the URL does not reveal user credentials:

http://webserver/eai_anon_enu/start.swe?SWEExtSource=SecureWebService&SWEExtCmd=Execute

NOTE:  Using WS-Security is optional. If security is of utmost importance and if it is critical that the password not be provided in clear text, HTTPS should be used.