Web Services Security configuration considerations
To secure web services for WebSphere® Application Server, you must specify several different configurations. Although there is not a specific sequence in which you must specify these different configurations, some configurations reference other configurations.
You can configure Web Services Security at the application level, the server level, and the cell level. The following table shows an example of the relationships between the configurations that apply to just the application, to an entire server, or to the entire cell. However, the requirements for the bindings depend upon the deployment descriptor. Some binding information depends upon other information in the binding or in the server-level and cell-level configuration. Within the table, the configurations in the Referenced configurations column are referenced by the configuration listed in the Configuration name column. For example, the application-level token generator for the request generator references the collection certificate store, nonce, time stamp, and callback handler configurations.
Configuration level | Configuration name | Referenced configurations |
---|---|---|
Application-level request generator | Token generator | |
Application-level request generator | Key information | |
Application-level request generator | Signing information | |
Application-level request generator | Encryption information | |
Application-level request consumer | Token consumer | |
Application-level request consumer | Key information | |
Application-level request consumer | Signing information | |
Application-level request consumer | Encryption information | |
Application-level response generator | Token generator | |
Application-level response generator | Key information | |
Application-level response generator | Signing information | |
Application-level response generator | Encryption information | |
Application-level response consumer | Token consumer | |
Application-level response consumer | Key information | |
Application-level response consumer | Signing information | |
Application-level response consumer | Encryption information | |
Server-level default generator bindings | Token generator | |
Server-level default generator bindings | Key information | |
Server-level default generator bindings | Signing information | |
Server-level default generator bindings | Encryption information | |
Server-level default consumer bindings | Token consumer | |
Server-level default consumer bindings | Key information | |
Server-level default consumer bindings | Signing information | |
Server-level default consumer bindings | Encryption information | |
Cell-level default generator bindings | Token generator | |
Cell-level default generator bindings | Key information | |
Cell-level default generator bindings | Signing information | |
Cell-level default generator bindings | Encryption information | |
Cell-level default consumer bindings | Token consumer | |
Cell-level default consumer bindings | Key information | |
Cell-level default consumer bindings | Signing information | |
Cell-level default consumer bindings | Encryption information | |
When multiple applications use the same binding information, consider configuring the binding information at the server or cell level. For example, you might have a global key locator configuration that is used by multiple applications. Configuration information at the application level takes precedence over similar configuration information at the server level and the cell level.
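The following added example (not IBM code and not the WebSphere binding file format) models the precedence rule and the referenced-configuration dependency as a small audit that reports which level supplies each referenced configuration, which references are missing, and which lower-level definitions are shadowed. The dictionary layout and all names in it are constructed, and the model assumes every reference can fall back from the application level to the server level and then the cell level.

```python
LEVELS = ("application", "server", "cell")  # highest precedence first

def resolve(configs, name):
    """Return (level, definition) from the first level that defines name."""
    for level in LEVELS:
        if name in configs.get(level, {}):
            return level, configs[level][name]
    return None, None

def audit(configs, name):
    """Resolve name, then check every configuration it references."""
    level, definition = resolve(configs, name)
    if definition is None:
        raise KeyError(f"{name!r} is not defined at any level")
    resolved, missing = {}, []
    for ref in definition.get("references", []):
        ref_level, _ = resolve(configs, ref)
        if ref_level is None:
            missing.append(ref)          # dangling reference: binding will fail
        else:
            resolved[ref] = ref_level    # level that actually supplies it
    # Lower levels that also define name but are overridden by `level`.
    lower = LEVELS[LEVELS.index(level) + 1:]
    shadowed = [lv for lv in lower if name in configs.get(lv, {})]
    return {"level": level, "references": resolved,
            "missing": missing, "shadowed": shadowed}

# Constructed sample: the application-level token generator references the
# four configurations named in the text; "timestamp" is left undefined.
SAMPLE = {
    "application": {
        "token_generator": {"references": [
            "collection_certificate_store", "nonce",
            "timestamp", "callback_handler"]},
        "callback_handler": {},
        "nonce": {},
    },
    "server": {
        "token_generator": {"references": ["callback_handler"]},
        "collection_certificate_store": {},
        "nonce": {},
    },
    "cell": {"nonce": {}},
}

if __name__ == "__main__":
    print(audit(SAMPLE, "token_generator"))
```
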