Supported Web Service Security Standards

TDV supports the following Web Service client security standards:

Passwords in HTTP or SOAP headers (clear text, base64-encoded) during Web Service invocations to or from TDV Server
WS-Security for Web Service clients (next section)
WSSE UsernameToken SOAP headers, used instead of transmitting usernames and passwords (composite domain only). For this to work, the Store User Password configuration parameter must be changed to True from its default setting of False.
X-WSSE UsernameToken HTTP extension header instead of transmitting usernames and passwords (composite domain only)
Using WSSE and X-WSSE authentication requires the server to be configured to store passwords, rather than hash values, in the repository.
NTLM authentication through an NTLM header
NTLM authentication through a Negotiate header
Kerberos authentication through a Negotiate header

Data source Web Service invocations from TDV Server can support SSL with or without client authentication (if the data source supports SSL).

The following security policies, in the form of XML files, are provided for Web Service clients.

| Transport or Standard | System Security Policy | Description |
|---|---|---|
| HTTP | Http-Basic-Authentication.xml | Policy that requires a user name and password when making a request. |
| HTTP | Http-UsernameToken-Digest.xml | Policy that validates against a UsernameToken header encrypted using a nonce value. |
| HTTP | Http-UsernameToken-Plain.xml | Policy that validates against a UsernameToken header. The password can be in plain text. |
| HTTPS | Https-Basic-Authentication.xml | Policy that requires a user name and password when making a request. |
| HTTPS | Https-ClientCertificateRequire.xml | Policy that requires client certificates. |
| HTTPS | Https-UsernameToken-Digest.xml | Policy that validates against a UsernameToken header encrypted using a nonce value. |
| HTTPS | Https-UsernameToken-Plain.xml | Policy that validates against a UsernameToken header. The password can be in plain text. |
| SOAP | UsernameToken-Digest.xml | Policy that validates against a UsernameToken header encrypted using a nonce value. |
| SOAP | UsernameToken-PlainText.xml | Policy that validates against a UsernameToken header. The password can be in plain text. |
| SAML | Saml1.1-Bearer-Wss1.1.xml | Method in which the bearer assertion is used to facilitate single sign-on to the web browser. |
| SAML | Saml1.1-HolderOfKey-Wss1.0.xml | Method that establishes a correspondence between a SOAP message and the SAML assertions added to the SOAP message. |
| SAML | Saml1.1-SenderVouches-Wss1.1.xml | Subject-confirmation method that enables an attesting entity to vouch for the identity of a subject to a party that trusts the sender. |
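
The UsernameToken digest policies above and the requirement to store passwords rather than hash values are connected: in the OASIS WSS UsernameToken Profile the digest is Base64(SHA-1(nonce + created + password)), so the verifier has to recompute it from the password itself. The sketch below is an added example, not TDV code; the class and function names, the five-minute freshness window and the sample token are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=5)  # assumed freshness window, not a TDV setting

def password_digest(nonce: bytes, created: str, password: str) -> str:
    """WSS UsernameToken Profile: Base64(SHA-1(nonce + created + password))."""
    raw = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(raw).decode()

class DigestVerifier:
    def __init__(self, secrets: dict):
        self.secrets = secrets  # username -> whatever the repository stores
        self.seen = set()       # (username, nonce) pairs already accepted

    def verify(self, user, nonce_b64, created, digest, now):
        try:
            nonce = base64.b64decode(nonce_b64, validate=True)
            ts = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            return "malformed"
        if abs(now - ts.replace(tzinfo=timezone.utc)) > MAX_AGE:
            return "stale"
        if (user, nonce) in self.seen:
            return "replay"
        # Unknown users get the same answer as a wrong password.
        secret = self.secrets.get(user)
        expected = password_digest(nonce, created, secret or "")
        if secret is None or not hmac.compare_digest(expected.encode(), digest.encode()):
            return "bad-credentials"
        self.seen.add((user, nonce))
        return "ok"

def demo():
    # Constructed sample token; user, password and times are made up.
    nonce, created, pw = b"constructed-nonce-01", "2024-01-01T12:00:00Z", "s3cret-example"
    token = ("alice", base64.b64encode(nonce).decode(), created,
             password_digest(nonce, created, pw))
    now = datetime(2024, 1, 1, 12, 1, tzinfo=timezone.utc)
    clear = DigestVerifier({"alice": pw})
    hashed = DigestVerifier({"alice": hashlib.sha256(pw.encode()).hexdigest()})
    return [clear.verify(*token, now),                       # fresh token
            clear.verify(*token, now),                       # same nonce again
            clear.verify(*token, now + timedelta(hours=1)),  # outside window
            hashed.verify(*token, now)]                      # only a hash stored
```

The last case is the one the documentation's note describes: a repository that holds only a hash of the password cannot reproduce the client's digest, so a valid token is rejected.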