Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure web services > Secure web services > Web Services Security concepts > Web Services Security concepts for v5.x applications
Security token
A security token represents a set of claims made by a client that might include a name, password, identity, key, certificate, group, privilege, and so on.
There is an important distinction between v5.x and Version 6.0.x and later applications. The information in this article supports v5.x applications only that are used with WAS v6.0.x and later. The information does not apply to Version 6.0.x and later applications.
Web Services Security provides a general-purpose mechanism to associate security tokens with messages for single message authentication. A specific type of security token is not required by Web Services Security. Web services security is designed to be extensible and support multiple security token formats to accommodate a variety of authentication mechanisms. For example, a client might provide proof of identity and proof of a particular business certification.
A security token is embedded in the SOAP message within the SOAP header. The security token within the SOAP header is propagated from the message sender to the intended message receiver. On the receiving side, the WAS security handler authenticates the security token and sets up the caller identity on the running thread.
Username token
Binary security token
XML token
Web services
Secure web services for v5.x applications using XML digital signature