Web services security, or more precisely SOAP message security, identifies and provides solutions for general computer security threats as well as threats unique to Web services. WSO2 supports the WS-Security, WS-Policy and WS-SecurityPolicy specifications, which define a behavioral model for Web services. Since the security requirements of one Web service may not be valid for another, WSO2 Enterprise Integrator (WSO2 EI) also lets you define service-specific security.

WSO2 EI provides 16 predefined, commonly used security scenarios. All you have to do is apply the required security scenario to your service through the service's dashboard. You can also define a custom security policy. Understanding the exact security requirements is the first step in planning to secure a Web service: consider which security aspects matter to your service, whether that is integrity, confidentiality, or both.

The default security scenarios

The topics below explain the 16 default security scenarios provided by WSO2.


1. UsernameToken

2. Non-repudiation

3. Integrity

4. Confidentiality

5. Sign and Encrypt - X509 Authentication

6. Sign and Encrypt - Anonymous clients

7. Encrypt Only - Username Token Authentication

8. Sign and Encrypt - Username Token Authentication

9. Secure Conversation - Sign Only - Service as STS - Bootstrap policy - Sign and Encrypt, X509 Authentication

10. Secure Conversation - Encrypt Only - Service as STS - Bootstrap policy - Sign and Encrypt, X509 Authentication

11. Secure Conversation - Sign and Encrypt - Service as STS - Bootstrap policy - Sign and Encrypt, X509 Authentication

12. Secure Conversation - Sign Only - Service as STS - Bootstrap policy - Sign and Encrypt, Anonymous clients

13. Secure Conversation - Encrypt Only - Service as STS - Bootstrap policy - Sign and Encrypt, Anonymous clients

14. Secure Conversation - Encrypt Only - Service as STS - Bootstrap policy - Sign and Encrypt, Username Token Authentication

15. Secure Conversation - Sign and Encrypt - Service as STS - Bootstrap policy - Sign and Encrypt, Username Token Authentication

16. Kerberos Token-based Security

If you apply security scenario 16 (Kerberos Token-based Security), you must associate your service with a service principal. Security scenario 16 is only applicable if you have a Key Distribution Center (KDC) and an Authentication Server in your environment. Typically the KDC and the Authentication Server are provided by an LDAP directory server.

Two configuration files are used to specify the Kerberos-related parameters:

  • krb5.conf - Includes KDC server details, encryption/decryption algorithms etc.
  • jaas.conf - Includes information relevant to authorization.

Both files are located in the <PRODUCT_HOME>/repository/conf/security folder.

After selecting scenario 16, fill in the details of the service principal that the Web service is to be associated with. You must specify the service principal name and password. The service principal must already be defined in the LDAP directory server.
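As an added illustration, not taken from the WSO2 documentation or product, the fragment below shows what a minimal krb5.conf in MIT Kerberos format under <PRODUCT_HOME>/repository/conf/security could contain. The realm EXAMPLE.COM and the host kdc.example.com are placeholders, and the enctype lines are a hardening choice that pins the client to AES so that a KDC or ticket offering a weaker algorithm is refused.

```ini
; krb5.conf (constructed example; realm and host names are placeholders)
[libdefaults]
    default_realm = EXAMPLE.COM
    ; Resolve the KDC from this file, not from DNS SRV records,
    ; so a spoofed DNS answer cannot redirect the client to another KDC.
    dns_lookup_kdc = false
    dns_lookup_realm = false
    ticket_lifetime = 10h
    renew_lifetime = 7d
    ; Accept only AES; a KDC that offers RC4 or DES is refused.
    ; Weak form to avoid: listing rc4-hmac or des-cbc-md5 here.
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
    default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
    permitted_enctypes   = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96

[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com:88
        admin_server = kdc.example.com:749
    }

[domain_realm]
    .example.com = EXAMPLE.COM
    example.com  = EXAMPLE.COM
```

Confirm that the service principal's keys in the directory server are AES-based before restricting permitted_enctypes, otherwise ticket requests for the service will fail.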