Web Services Security APIs

Web Services Security APIs

The Web Services Security programming model provides application programming interfaces (WSS API) for securing the SOAP message. The WSS API model is based on Web Services Security Version 1.1 standards but also includes support for Web Services Security Version 1.0.

The Web Services Security APIs (WSS APIs) can generate and process the following SOAP-related bindings for XML security:

XML signature and signature verification
XML encryption and decryption

The token processing and pluggable token architecture in the Web Service Security run time has been redesign to reuse the same Security Token interface and the JAAS Login Module as those used for the WSS APIs.

The following table lists the WSS API interfaces provided with WebSphere Application Server and used to configure signing and encryption information in the SOAP bindings for the generator and consumer bindings.

WSS API interfaces Description
WSSDecryption Package: com.ibm.websphere.wssecurity.wssapi.decryption
This interface is responsible for specifying decryption. The default values for decryption include:

Targets: BODY_CONTENT, SIGNATURE
Data encryption method: AES128
Key encryption method: KW_RSA_OAEP
Security token: X.509

WSSDecryptPart Package: com.ibm.websphere.wssecurity.wssapi.decryption
This interface is responsible for adding decrypted parts, as needed. If specified, the default values for decrypted parts include:

Security token: X.509
Transform method: N/A (not applicable)

WSSEncryption Package: com.ibm.websphere.wssecurity.wssapi.encryption
This interface is responsible for the encryption component. The default values for encryption include:

Targets: BODY_CONTENT, SIGNATURE
Data encryption method: AES128
Key encryption method: KW_RSA_OAEP
Security token: X.509
refType: SecurityToken.REF_KEYID
mtomOptimize: false

WSSEncryptPart Package: com.ibm.websphere.wssecurity.wssapi.encryption
This interface is responsible for adding encrypted parts, as needed. If specified, the default values for encrypted parts include:

Transform method: N/A (not applicable)

WSSSignature Package: com.ibm.websphere.wssecurity.wssapi.signature
This interface is responsible for specifying the signature. The default values for signature include:

Targets: BODY, ADDRESSING_HEADERS, TIMESTAMP
Signature method: RSA_SHA1
Canonicalization method: EXC_C14N
Security token: X.509
Type of token reference: SecurityToken.REF_STR

WSSSignPart Package: com.ibm.websphere.wssecurity.wssapi.signature
This interface is responsible for adding signed parts, as needed. If specified, the default values for signed parts include:

Transform method : TRANSFORM_EXC_C14N
Digest method: SHA1

WSSVerification Package: com.ibm.websphere.wssecurity.wssapi.verification
This interface is responsible for specifying the signature verification. The default values for verification include:

Targets: BODY, ADDRESSING_HEADERS, TIMESTAMP
Signature method: RSA_SHA1
Canonicalization method: EXC_C14N
Security token: X.509

WSSVerifyPart Package: com.ibm.websphere.wssecurity.wssapi.verification
This interface is responsible for adding verify parts, as needed. If specified, the default values for verify parts include:

Digest method: SHA1
Transform method: TRANSFORM_EXC_C14N

Also see the information about pre-configured generator and consumer tokens.

WSS API interfaces	Description
WSSDecryption	Package: com.ibm.websphere.wssecurity.wssapi.decryption This interface is responsible for specifying decryption. The default values for decryption include: Targets: BODY_CONTENT, SIGNATURE Data encryption method: AES128 Key encryption method: KW_RSA_OAEP Security token: X.509
WSSDecryptPart	Package: com.ibm.websphere.wssecurity.wssapi.decryption This interface is responsible for adding decrypted parts, as needed. If specified, the default values for decrypted parts include: Security token: X.509 Transform method: N/A (not applicable)
WSSEncryption	Package: com.ibm.websphere.wssecurity.wssapi.encryption This interface is responsible for the encryption component. The default values for encryption include: Targets: BODY_CONTENT, SIGNATURE Data encryption method: AES128 Key encryption method: KW_RSA_OAEP Security token: X.509 refType: SecurityToken.REF_KEYID mtomOptimize: false
WSSEncryptPart	Package: com.ibm.websphere.wssecurity.wssapi.encryption This interface is responsible for adding encrypted parts, as needed. If specified, the default values for encrypted parts include: Transform method: N/A (not applicable)
WSSSignature	Package: com.ibm.websphere.wssecurity.wssapi.signature This interface is responsible for specifying the signature. The default values for signature include: Targets: BODY, ADDRESSING_HEADERS, TIMESTAMP Signature method: RSA_SHA1 Canonicalization method: EXC_C14N Security token: X.509 Type of token reference: SecurityToken.REF_STR
WSSSignPart	Package: com.ibm.websphere.wssecurity.wssapi.signature This interface is responsible for adding signed parts, as needed. If specified, the default values for signed parts include: Transform method : TRANSFORM_EXC_C14N Digest method: SHA1
WSSVerification	Package: com.ibm.websphere.wssecurity.wssapi.verification This interface is responsible for specifying the signature verification. The default values for verification include: Targets: BODY, ADDRESSING_HEADERS, TIMESTAMP Signature method: RSA_SHA1 Canonicalization method: EXC_C14N Security token: X.509
WSSVerifyPart	Package: com.ibm.websphere.wssecurity.wssapi.verification This interface is responsible for adding verify parts, as needed. If specified, the default values for verify parts include: Digest method: SHA1 Transform method: TRANSFORM_EXC_C14N