Table of Contents
The Web Services portion of GT 4.0 uses SOAP over HTTP for communicating messages.
WS Authentication and Authorization Message-Level Security implements the WS-Security standard and the WS-SecureConversation specification to provide message protection for SOAP messages. Features include authentication of the sender, encryption of the message, integrity protection of the message and replay protection.
WS Authentication and Authorization Transport-Level Security provides a secure channel by using HTTP over SSL/TLS (HTTPS) for transporting the messages. This security mechanism supports all of the security features provided by SSL/TLS with the addition of support for X.509 Proxy Certificates.
Features new in GT 4.0
- Compliance with published IBM/Microsoft WS-Trust and WS-SecureConversation specifications
- Compliance with the Web Services Security 1.0 standard
- HTTPS support
Other Supported Features
- Message encryption, integrity protection and replay attack prevention
- Establishment of a session key for light-weight message protection
Deprecated Features
- GT 3.2 SecureConversation protocol
Usability improvements for WS Authentication and Authorization Message- and Transport-Level Service:
- There is no content available at this time.
Protocol changes in WS Authentication and Authorization Message-Level Security since GT 3.2
- WS-SecureConversation updated to reflect published IBM/Microsoft specification.
- Web Services Security updated to reflect published OASIS standard (1.0).
API changes since GT 3.2
- N/A
Exception changes since GT 3.2
- N/A
Schema changes since GT 3.2
- N/A
WS Authentication and Authorization Message & Transport Level Security depends on the following GT components:
- The C implementation depends on C WS Core.
- The Java implementation depends on Java WS Core.
WS Authentication and Authorization Message & Transport Level Security depends on the following 3rd party software:
- Apache WSFX Security Libraries
- PureTLS Libraries
- BouncyCastle JCE provider
- Cryptix Libraries
- Apache XML Security Libraries
WS Authentication and Authorization Message & Transport Level Security should work on any platform that supports J2SE 1.3.1 or higher.
Tested Platforms for WS Authentication and Authorization Message & Transport Level Security
- Linux (Red Hat 7.3)
- Windows 2000
- Solaris 9
Associated standards for WS A&A Message/Transport-level Security:
- WS-Security
- WS-Security: X.509 Certificate Tokens
- WS-Security: Username Tokens
- WS-Trust
- WS-Secure Conversation
- WS-I Basic Security Profile
- RFC 3820 Proxy Certificates
- RFC 2818 HTTP over TLS
- RFC 2246 TLS
- JAAS
Click here for more information about this component.