Previous Topic

Next Topic

Book Contents

WS-Security

Transport level protocols such as HTTPS provides a level of security at the transport layer of the OSI Model. The WS-Security standard comprises a number of standards and headers that provide a level of security for your services that goes beyond the security provided by the transport layer. These standards and headers define mechanisms for:

  • Including authentication tokens
  • Including nonce
  • Encrypting messages
  • Signing messages
  • Adding timestamps to messages

At the time of this writing, additional information about the WS-Security standard could be found at:

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf

P6 Web Services

Using UsernameToken Profile, P6 Web Services allows you to secure messages with an authentication token, nonce and timestamp. P6 Web Services supports UsernameToken Profile with nonce\timestamp or without nonce\timestamp. P6 Web Services also supports SAML assertions, message encryption, digital signatures and message timestamp.

WS-Security support in P6 Web Services is implemented using Oracle Security Developer Tools (OSDT). If your application requires WS-Security features, OSDT jar files can be used in conjunction with P6 Web Services. The source code for the P6 Web Services demo project provides examples of how to use OSDT with P6 Web Services.


Copyright information