O'Reilly logo

Patterns: Implementing Self-Service in an SOA Environment by Fernando Teixeira, Shashi Shrimali, Peter Hood, Sandy Grewal, Diego Cotignola, Anup Aggarwal, Carla Sadtler

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

358 Patterns: Implementing Self-Service in an SOA Environment
Figure 10-42 Point-to-point security with HTTPS
Here are a few simple guidelines to help decide when transport-level security
should be used:
򐂰 No intermediaries are used in the Web service environment.
With intermediaries, the entire message has to be decrypted to access the
routing information. This would break the overall security context.
򐂰 The transport is only based on HTTP.
No other transport protocol can be used with HTTPS.
򐂰 The Web services client is a stand-alone Java program.
WS-Security can only be applied to clients that run in a J2EE container (EJB
container, Web container, application client container). HTTPS is the only
option available for stand-alone clients.
Bus security
The service integration bus provides facilities for secure communication between
service requestors and the bus (inbound to the bus), and between the bus and
any target Web services (outbound from the bus). Security in the bus can be
applied at a number of different levels.
򐂰 Web services security (WS-Security) in the bus
򐂰 HTTP endpoint listener authentication
򐂰 Operation-level authorization
򐂰 Using HTTPS with the bus
򐂰 Proxy server authentication
For more details on how to implement the above security levels in the bus, see
Chapter 22 of WebSphere Version 6 Web Services Handbook Development and
Deployment, SG24-6461.
10.8.2 Web Services Gateway
If you are deploying the application using Network Deployment, you have the
option to deploy your Web services through IBM’s Web Services Gateway. This
option is not available for standalone server environments.
Web service
client
Intermediary
Web service
server
Security Context
Security Context
HTTPS
HTTPS

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required