WS-Security (Deprecated)
This topic describes WS-Security in relation to Process Platform.
With WS-Security, you can sign or encrypt parts of SOAP messages. Process Platform supports WS-Security (SOAP Message Security 1.0), which is part of Basic Security Profile 1.0, for incoming and outgoing SOAP messages.
Signed messages can be exchanged between service groups using WS-Security. Exchanging signed messages may be necessary in highly secure environments. Messages are signed using digital certificates issued by an identity provider. Therefore, for service groups to communicate with each other using signed messages, they must trust the same identity provider. To facilitate this, Process Platform provides a feature called Security Administration. Refer to Managing Service Group Trust Relation for more information on Security Administration.
Note: Parts of SOAP messages can be encrypted using the public certificate of the target service group. Process Platform supports WS-Security (SOAP Message Security 1.0) for incoming SOAP messages.
There is, however, an important constraint. If the SOAP message comes in through the Process Platform gateway, it is not possible to encrypt the entire body of the SOAP message. This is because the gateway requires the namespace in the body node to route the SOAP message to the correct service group. Therefore, the Web service operation node must not be encrypted. The contents of the Web service operation node can be encrypted.
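The constraint above can be verified on an outgoing message before it is sent through the gateway. The following Python check is an added example, not Process Platform code: the function names, the `GetOrder` operation and the `http://example.com/orders` namespace are assumptions, and it assumes the SOAP 1.1 envelope and W3C XML Encryption namespaces.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope
XENC_NS = "http://www.w3.org/2001/04/xmlenc#"          # W3C XML Encryption
ENCRYPTED_DATA = f"{{{XENC_NS}}}EncryptedData"


def gateway_routing_check(envelope_xml):
    """Return (routable, namespace, reason) for a SOAP envelope.

    Routable means the first child of the Body (the Web service operation
    node) is in the clear and namespace-qualified. Input is assumed to be a
    locally built message; use a hardened parser for untrusted XML.
    """
    body = ET.fromstring(envelope_xml).find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) == 0:
        return False, None, "no operation node in SOAP Body"
    operation = body[0]
    if operation.tag == ENCRYPTED_DATA:
        return False, None, "operation node is encrypted"
    if not operation.tag.startswith("{"):
        return False, None, "operation node has no namespace"
    namespace = operation.tag[1:].split("}", 1)[0]
    hidden = len(operation.findall(f".//{ENCRYPTED_DATA}"))
    return True, namespace, f"{hidden} encrypted part(s) inside operation node"


def build_envelope(body_inner):
    # Constructed SOAP 1.1 envelope around the given Body content.
    return (f'<SOAP:Envelope xmlns:SOAP="{SOAP_NS}"><SOAP:Body>'
            f"{body_inner}</SOAP:Body></SOAP:Envelope>")


# Constructed EncryptedData element; the cipher value is a placeholder.
ENCRYPTED_PART = (f'<xenc:EncryptedData xmlns:xenc="{XENC_NS}">'
                  "<xenc:CipherData><xenc:CipherValue>Q09OU1RSVUNURUQ="
                  "</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>")

# Contents of the operation node encrypted: the gateway can still route.
CONTENTS_ENCRYPTED = build_envelope(
    f'<GetOrder xmlns="http://example.com/orders">{ENCRYPTED_PART}</GetOrder>')
# Whole Body encrypted: the routing namespace is hidden from the gateway.
BODY_ENCRYPTED = build_envelope(ENCRYPTED_PART)

if __name__ == "__main__":
    for name in ("CONTENTS_ENCRYPTED", "BODY_ENCRYPTED"):
        print(name, gateway_routing_check(globals()[name]))
```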
For detailed information about WS-Security support, refer to the following topics: