Operating Systems: i5/OS
Configure Web services security using JAX-RPC at the platform level
In the platform configuration, general properties and additional
properties can be specified, and the default binding is included. You can
configure security for Web services at a platform level with a variety of
tasks including configuring key locators, trust anchors, and the collection
certificate at the generator, consumer binding, and server levels.
Besides the application-level
constraints, there is a cell-level and server-level Web services security
(WSS) configuration called a platform-level configuration:
- These configurations are global for all applications and include some
configurations only for WebSphere Application Server V5.x applications
and some only for version 6.0.x applications.
- You can use the default binding as an application-level binding configuration
so that applications do not have to define the binding in the application.
There is only one set of default bindings that can be shared by multiple applications.
This set is only available for WebSphere Application Server V6.x applications.
Therefore, binding configuration files can
be specified at these levels: application, server, and cell. Each binding
configuration overrides the next higher one. For any deployed application,
the nearest configuration binding is applied. The visibility scope of the
binding depends on where the file is located. If the binding is defined in
an application, its visibility is scoped to that particular application. If
it is located at the server level, the visibility scope is all applications
that are deployed on that server. For Network Deployment, if it is located
at the cell level, the visibility scope is all applications deployed on all
servers of the cell.
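The override order described above can be checked before a shared binding is changed. The following is an added example, not IBM code: the `Cell` and `Server` classes, the function names, and the sample inventory are hypothetical and constructed for illustration. It resolves the nearest binding for each deployment and lists which deployments actually depend on a given shared scope.

```python
from dataclasses import dataclass, field

# Nearest scope first: each binding overrides the next higher one.
PRECEDENCE = ("application", "server", "cell")

@dataclass
class Server:
    name: str
    has_binding: bool                         # server-level binding present
    apps: dict = field(default_factory=dict)  # app name -> app-level binding present

@dataclass
class Cell:
    has_binding: bool                         # cell-level binding present
    servers: list = field(default_factory=list)

def effective_scope(cell, server, app):
    """Return the nearest scope that defines a binding for app, or None."""
    defined = {"application": server.apps[app],
               "server": server.has_binding,
               "cell": cell.has_binding}
    return next((s for s in PRECEDENCE if defined[s]), None)

def resolve_all(cell):
    """Map (server name, app name) -> effective binding scope."""
    return {(srv.name, app): effective_scope(cell, srv, app)
            for srv in cell.servers for app in srv.apps}

def affected_by(cell, scope, server_name=None):
    """List deployments whose effective binding lives at `scope`.

    For scope "server", pass server_name to limit the result to that server.
    """
    return sorted(key for key, eff in resolve_all(cell).items()
                  if eff == scope and (server_name is None or key[0] == server_name))

# Constructed sample cell: two servers, four deployments.
SAMPLE = Cell(has_binding=True, servers=[
    Server("server1", has_binding=True,  apps={"payroll": True, "hr": False}),
    Server("server2", has_binding=False, apps={"billing": False, "audit": True}),
])

if __name__ == "__main__":
    for (srv, app), scope in sorted(resolve_all(SAMPLE).items()):
        print(f"{srv}/{app}: {scope}")
    print("changing the cell binding affects:", affected_by(SAMPLE, "cell"))
```

A deployment with its own application-level binding is unaffected by edits to server or cell bindings, so only the deployments returned by `affected_by` need retesting after a shared trust anchor or key locator changes.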
Overview
To ensure Web services security at the platform level, you can
configure:
- A nonce on the server or cell level
- The key locator for the generator or
consumer binding on the application level, server level, or cell level
- Trust anchors for the generator or consumer
binding on the application level, server level, or cell level
- The collection certificate store for
the generator or consumer binding on the application level, server level or
cell level
- Trusted ID evaluators on the server or
cell level
- Hardware cryptographic devices for Web services security
- The rrdSecurity.props property file
Procedure
- To configure a nonce on the server or
cell level, see the steps in Configuring a nonce on the server or
cell level
- To configure the key locator for the generator binding on the application
level, see the steps in Configuring the key locator using JAX-RPC for the generator binding
on the application level
- To configure the key locator for the consumer binding on the application
level, see the steps in Configuring the key locator using JAX-RPC for the consumer binding
on the application level
- To configure the key locator on the server or
cell level, see the steps in Configuring the key locator using JAX-RPC on the server or
cell level
- To configure trust anchors for the generator binding on the application
level, see the steps in Configuring trust anchors for the generator binding on the application
level
- To configure trust anchors for the consumer binding on the application
level, see the steps in Configuring trust anchors for the consumer binding on the application
level
- To configure trust anchors on the server or
cell level, see the steps in Configuring trust anchors on the server or
cell level
- To configure the collection certificate store for the generator
binding on the application level, see the steps in Configuring the collection certificate store for the generator binding
on the application level
- To configure the collection certificate store for the consumer
binding on the application level, see the steps in Configuring the collection certificate store for the consumer binding
on the application level
- To configure the collection certificate on the server or
cell level, see the steps in Configuring the collection certificate on the server or
cell level
- To configure trusted ID evaluators on the server or
cell level, see the steps in Configuring trusted ID evaluators on the server or
cell level
- To enable hardware cryptographic devices for Web
services security, see the steps in Enabling hardware cryptographic devices for Web Services Security
- To work with the rrdSecurity.props file,
see rrdSecurity.props file
Results
By completing these steps, you have configured Web services security
at the platform level.
Related tasks
Securing Web services applications using JAX-RPC at the message level