Putting it all together
Typically in OWSM, a service policy is attached to a Policy Subject to enforce a
set of predefined security rules. A Policy Subject is either a web service or a web
service client. Both end services and their clients must be able to communicate
with each other properly, which often requires a policy to be attached to both of
them. If an end service is protected with a certain policy, a corresponding client
policy is attached to the client in order to transform the outgoing SOAP message
into the format expected by the server-side policy. OWSM performs the following
functions (many of them are discussed shortly in this chapter) to implement
security between a client and a service:
- Intercepts the SOAP message request for the end service at the client side.
- Creates and injects a relevant token, depending on the policy defined, if the
  end service is protected by a security authentication or authorization token.
- Encrypts and digitally signs a message, if message protection and
  confidentiality have to be enforced.
- At the server side, OWSM extracts the relevant tokens in the message to
  verify the client's credentials against the configured identity store, checks the
  message timestamp, and also decrypts the message, if it is encrypted.
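
The client-side injection and server-side checks listed above can be traced in a small Python sketch for the username-token case. This is an added example, not OWSM code or its API: it uses standard WS-Security header elements, omits signing and encryption, and the function names, sample request and in-memory identity store are constructed for illustration (`now` is assumed to be a UTC datetime).

```python
import hashlib, hmac
import xml.etree.ElementTree as ET  # for untrusted XML in production, use a parser that rejects DTDs
from datetime import datetime, timedelta, timezone

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
FMT = "%Y-%m-%dT%H:%M:%SZ"
# Constructed sample request, before any policy is applied.
SAMPLE_REQUEST = f'<e:Envelope xmlns:e="{SOAP}"><e:Body/></e:Envelope>'

def _kdf(password):  # fixed salt only for the demo; a real store salts per user
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000)

IDENTITY_STORE = {"alice": _kdf("s3cret")}  # constructed stand-in for the identity store

def client_attach(envelope_xml, user, password, now, ttl=300):
    """Client side: intercept the outgoing request, inject timestamp and token."""
    env = ET.fromstring(envelope_xml)
    header = env.find(f"{{{SOAP}}}Header")
    if header is None:
        header = ET.Element(f"{{{SOAP}}}Header")
        env.insert(0, header)
    sec = ET.SubElement(header, f"{{{WSSE}}}Security")
    ts = ET.SubElement(sec, f"{{{WSU}}}Timestamp")
    ET.SubElement(ts, f"{{{WSU}}}Created").text = now.strftime(FMT)
    ET.SubElement(ts, f"{{{WSU}}}Expires").text = (now + timedelta(seconds=ttl)).strftime(FMT)
    tok = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(tok, f"{{{WSSE}}}Username").text = user
    ET.SubElement(tok, f"{{{WSSE}}}Password").text = password
    return ET.tostring(env, encoding="unicode")

def server_verify(envelope_xml, now, skew=60):
    """Server side: extract the token, check the timestamp, verify credentials."""
    sec = ET.fromstring(envelope_xml).find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    if sec is None:
        return "reject: no security header"
    ts = f"{{{WSU}}}Timestamp/{{{WSU}}}"
    try:
        created, expires = (datetime.strptime(sec.findtext(ts + k) or "", FMT)
                            .replace(tzinfo=timezone.utc) for k in ("Created", "Expires"))
    except ValueError:
        return "reject: missing or malformed timestamp"
    if created > now + timedelta(seconds=skew) or expires < now:
        return "reject: timestamp outside validity window"
    user = sec.findtext(f"{{{WSSE}}}UsernameToken/{{{WSSE}}}Username") or ""
    pw = sec.findtext(f"{{{WSSE}}}UsernameToken/{{{WSSE}}}Password") or ""
    ok = hmac.compare_digest(_kdf(pw), IDENTITY_STORE.get(user, b""))
    return f"accept: {user}" if ok else "reject: bad credentials"
```

Because the token travels in clear text inside the header in this sketch, the encryption and signing step from the list is what protects it on the wire; the timestamp check bounds how long a captured message could be replayed.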