OASIS: Web Services Security: SOAP Message Security 1.0 (WS-Security 2004)
The following list shows the aspects of the OASIS: Web Services Security: SOAP Message Security 1.0 (WS-Security 2004) specification that are supported in WebSphere Application Server Version 6.
Manifests-xenc is the namespace prefix of http://www.w3.org/TR/xmlenc-core
xenc:ReferenceList
xenc:EncryptedKey
Advanced Encryption Standard (AES) is designed to provide stronger encryption and better performance than Triple-DES for symmetric key encryption. Therefore, it is recommended that you use AES, if possible, for symmetric key encryption.
Encryption message parts
WebSphere Application Server keywords
bodycontent, which is used to encrypt the SOAP body content
usernametoken, which is used to encrypt the username token
digestvalue, which is used to encrypt the digest value of the digital signature
XPath expression to select the XML element in the SOAP message
WebSphere Application Server is extended to allow you to insert time stamps into other elements so that the age of those elements can be determined.
Error handling
SOAP faults
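To check the AES recommendation above against a real message, the following added example (not IBM or WebSphere code) resolves each xenc:DataReference in a xenc:ReferenceList to its xenc:EncryptedData element and grades the data-encryption algorithm. The namespace URI and algorithm identifiers come from the W3C XML Encryption recommendation, not from this page; the function name, sample message and Id values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"  # XML Encryption namespace URI (W3C)
NS = {"xenc": XENC}
TRIPLE_DES = XENC + "tripledes-cbc"
AES = {XENC + a for a in ("aes128-cbc", "aes192-cbc", "aes256-cbc")}

def audit_data_encryption(soap_xml):
    """Return (reference URI, algorithm URI or None, verdict) per DataReference."""
    # Use a hardened XML parser instead when the message comes from an untrusted peer.
    root = ET.fromstring(soap_xml)
    by_id = {e.get("Id"): e for e in root.iter("{%s}EncryptedData" % XENC)}
    findings = []
    # Matches a ReferenceList in the security header or inside an EncryptedKey.
    for ref in root.iterfind(".//xenc:ReferenceList/xenc:DataReference", NS):
        uri = ref.get("URI", "")
        target = by_id.get(uri[1:]) if uri.startswith("#") else None
        if target is None:
            findings.append((uri, None, "unresolved reference"))
            continue
        method = target.find("xenc:EncryptionMethod", NS)
        alg = method.get("Algorithm") if method is not None else None
        verdict = ("ok" if alg in AES
                   else "triple-des, prefer AES" if alg == TRIPLE_DES
                   else "missing or unrecognized algorithm")
        findings.append((uri, alg, verdict))
    return findings

# Constructed sample message (not captured traffic); key and cipher data omitted.
SAMPLE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
 <soapenv:Header><wsse:Security>
  <xenc:EncryptedKey><xenc:ReferenceList>
   <xenc:DataReference URI="#enc-body"/><xenc:DataReference URI="#enc-token"/>
  </xenc:ReferenceList></xenc:EncryptedKey>
  <xenc:EncryptedData Id="enc-token">
   <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
  </xenc:EncryptedData>
 </wsse:Security></soapenv:Header>
 <soapenv:Body><xenc:EncryptedData Id="enc-body">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
 </xenc:EncryptedData></soapenv:Body>
</soapenv:Envelope>"""

if __name__ == "__main__":
    for finding in audit_data_encryption(SAMPLE):
        print(finding)
```
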
OASIS: Web Services Security: UsernameToken Profile 1.0
The following list shows the aspects of the OASIS: Web Services Security: UsernameToken Profile 1.0 specification that are supported in WebSphere Application Server Version 6.
Supported topic | Specific aspect that is supported
Password types | Text
Token references | Direct reference
OASIS: Web Services Security X.509 Certificate Token Profile
The following list shows the aspects of the OASIS: Web Services Security X.509 Certificate Token Profile specification that are supported in WebSphere Application Server Version 6.
X.509 Version 3: PKCS7 with or without CRLs. The IBM software development kit (SDK) supports both. The Sun Java Development Kit (JDK) supports only PKCS7 without CRLs.
The following list shows the functionality that is supported in the OASIS specifications, OASIS drafts, and other recommendations, but is not supported by WebSphere Application Server Version 6:
Non-managed client with Web services security. For example, a Java 2 Platform, Standard Edition (J2SE) client or a Dynamic Invocation Interface (DII) client.
The Web services security binding is not collected during the application installation process. It can be configured after the application is deployed.