Security Features Guide > TDV Security Features by Component > Web Service Client Security > Supported Web Service Security Standards
 
Supported Web Service Security Standards
TDV supports the following Web Service client security standards:
Passwords in HTTP / SOAP headers during Web Service invocations to or from TDV Server in clear text, base64-encoded
WS-Security for Web Service clients (next section)
WSSE UsernameToken SOAP headers, used instead of transmitting usernames and passwords (composite domain only). For this to work, the Store User Password configuration parameter must be changed to True from its default setting of False.
X-WSSE UsernameToken HTTP extension header instead of transmitting usernames and passwords (composite domain only)
Use of WSSE and X-WSSE authentication require the server to be configured to store passwords in the repository rather than hash values.
NTLM authentication through an NTLM header
NTLM authentication through a Negotiate header
Kerberos authentication through a Negotiate header
Data source Web Service invocations from TDV Server can support SSL with or without client authentication (if the data source supports SSL).
The following security policies, in the form of XML files, are provided for Web Service clients.
Transport or Standard
System Security Policy
Description
HTTP
Http-Basic-Authentication.xml
Policy that requires a user name and password when making a request.
HTTP
Http-UsernameToken-Digest.xml
Policy that validates against a UsernameToken header encrypted using a nonce value.
HTTP
Http-UsernameToken-Plain.xml
Policy that validates against a UsernameToken header. The password can be in plain text.
HTTPS
Https-Basic-Authentication.xml
Policy that requires a user name and password when making a request.
HTTPS
Https-ClientCertificateRequire.xml
Policy that requires client certificates.
HTTPS
Https-UsernameToken-Digest.xml
Policy that validates against a UsernameToken header encrypted using a nonce value.
HTTPS
Https-UsernameToken-Plain.xml
Policy that validates against a UsernameToken header. The password can be in plain text.
SOAP
UsernameToken-Digest.xml
Policy that validates against a UsernameToken header encrypted using a nonce value.
SOAP
UsernameToken-PlainText.xml
Policy that validates against a UsernameToken header. The password can be in plain text.
SAML
Saml1.1-Bearer-Wss1.1.xml
Method in which the bearer assertion is used to facilitate single sign-on to the web browser.
SAML
Saml1.1-HolderOfKey-Wss1.0.xml
Method that establishes a correspondence between a SOAP message and the SAML assertions added to the SOAP message.
SAML
Saml1.1-SenderVouches-Wss1.1.xml
Subject-confirmation method that enables an attesting entity to vouch for the identity of a subject to a party that trusts the sender.