WS-SecurityTransport level protocols such as HTTPS provides a level of security at the transport layer of the OSI Model. The WS-Security standard comprises a number of standards and headers that provide a level of security for your services that goes beyond the security provided by the transport layer. These standards and headers define mechanisms for:
At the time of this writing, additional information about the WS-Security standard could be found at: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf P6 Web Services Using UsernameToken Profile, P6 Web Services allows you to secure messages with an authentication token, nonce and timestamp. P6 Web Services supports UsernameToken Profile with nonce\timestamp or without nonce\timestamp. P6 Web Services also supports SAML assertions, message encryption, digital signatures and message timestamp. WS-Security support in P6 Web Services is implemented using Oracle Security Developer Tools (OSDT). If your application requires WS-Security features, OSDT jar files can be used in conjunction with P6 Web Services. The source code for the P6 Web Services demo project provides examples of how to use OSDT with P6 Web Services. |