Using Web Services Security Policies
ActiveMatrix BusinessWorks allows you to specify security policies for inbound and outbound SOAP messages. The security policies follow Web Services Security: SOAP Message Security 1.0 (WS-Security 2004) OASIS Standard 200401. You can find out more about this standard at http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.
You define security policies in the Security Policy shared configuration resource. You can define one policy to share among all of your web services, or you can define multiple policies to use on a per-resource basis. You can include the following attributes within a policy:
-
Authentication — whether messages must be authenticated. Authentication can be performed either with usernames and passwords or with X.509 compliant certificates.
-
Integrity — whether messages must be validated with a signature to ensure the message has not been altered since its creation.
-
Confidentiality — whether messages are encrypted or unencrypted.
-
Timeout — whether messages should expire after a certain time.
See
for more information about the Security Policy Resource.