GT 3.9.3 Development Release Notes for Message-level/Transport-level Security

Component Overview

The Web Services portions of GT 3.9.3 use SOAP as their message protocol for communication. WS Authentication and Authorization Message-Level Security implements the WS-Security standard and the WS-SecureConversation specification to provide message protection for SOAP messages. Protection options include authentication of the sender, encryption of the message, integrity protection of the message and replay protection.

Feature Summary

Features new in release 3.9.3

  • Compliance with published IBM/Microsoft WS-SecureConversation specification
  • Compliance with the Web Services Security 1.0 standard

Other Supported Features

  • Message encryption, integrity protection and digital signature
  • Establishment of a session key for light-weight message protection

Deprecated Features

  • GT 3.2 SecureConversation protocol

Bug Fixes

Known Problems

Technology Dependencies

WS Authentication and Authorization Message-Level Security depends on the following GT components:

  • C WS Core
  • Java WS Core

WS Authentication and Authorization Message-Level Security depends on the following 3rd party software:

  • Apache WSFX Security Libraries
  • PureTLS Libraries
  • BouncyCastle JCE provider
  • Cryptix Libraries
  • Apache XML Security Libraries

Tested Platforms

Backward Compatibility Summary

Protocol changes in WS Authentication and Authorization Message-Level Security since GT version 3.2

  • WS-SecureConversation updated to reflect published IBM/Microsoft specification.
  • Web Services Security updated to reflect published OASIS standard (1.0).

API changes since GT version 3.2

  • N/A

Exception changes since GT version 3.2

  • N/A

Schema changes since GT version 3.2

  • N/A

For More Information

Click here for more information about this component.