Web security concepts

The Web Services Security specification defines core facilities for protecting the integrity and confidentiality of a message, and provides mechanisms for associating security-related claims with a message.

Web Services Security concepts

The Web Services Security specification defines core facilities for protecting the integrity and confidentiality of a message, and provides mechanisms for associating security-related claims with a message.

Overview of standards and programming models for web services message-level security

Web Services Security standards and profiles describe how to provide security and protection for SOAP messages that are exchanged in a web services environment.

SAML concepts

SAML is an XML-based, OASIS standard for exchanging user identity and security attributes information. In a typical SAML usage scenario, you authenticate to a security domain and request an identity provider to issue SAML assertions.

Generic security token login modules

The generic security token login modules are Java Authentication and Authorization Service (JAAS) login modules. These login modules issue, validate, and exchange security tokens using an external Security Token Service (STS).

Generic security token login module for the token generator

When a web service request is made, the application server calls the generic security login module for the token generator as part of the Web Service Security authentication process.

Generic security token login module for the token consumer

When a web service message is received, the application server calls the generic security token login module for the token consumer as part of the Web Services Security authentication process.