Home -> Toolkit -> Docs -> Development -> 3.9.5 -> Security -> Message

GT 3.9.5 Component Fact Sheet: WS A&A Message/Transport-level Security

• Brief overview
• Summary of features
• Usability summary
• Backward compatibility summary
• Technology dependencies
• Tested platforms
• For more information

Brief overview

The Web Services portions of GT 3.9.5 use SOAP over HTTP as their message protocol for communication.

WS Authentication and Authorization Message-Level Security implements the WS-Security standard and the WS-SecureConversation specification to provide message protection for SOAP messages. Features include authentication of the sender, encryption of the message, integrity protection of the message and replay protection.

WS Authenitcation and Authorization Transport-Level Security provides a secure channel by using HTTP over SSL/TLS (HTTPS) for transporting the messages. This security mechanism supports all the security features provided by SSL/TLS with the addition of support for X.509 Proxy Certificates.

Summary of features

Features new in release 3.9.5

• Compliance with published IBM/Microsoft WS-Trust and WS-SecureConversation specifications
• Compliance with the Web Services Security 1.0 standard
• HTTPS support

Other Supported Features

• Message encryption, integrity protection and replay attack prevention
• Establishment of a session key for light-weight message protection

Deprecated Features

• GT 3.2 SecureConversation protocol

Usability summary

Usability improvements for WS A&A Message-/Transport-level Service:

• improvement #1
• ...
• improvement #n

Backward compatibility summary

Protocol changes in WS Authentication and Authorization Message-Level Security since GT version 3.2

• WS-SecureConversation updated to reflect published IBM/Microsoft specification.
• Web Services Security updated to reflect published OASIS standard (1.0).

API changes since GT version 3.2

• N/A

Exception changes since GT version 3.2

• N/A

Schema changes since GT version 3.2

• N/A

Technology dependencies

WS Authentication and Authorization Message-Level Security depends on the following GT components:

• The C implementation depends on C WS Core.
• The Java implementation depends on Java WS Core.

WS Authentication and Authorization Message-Level Security depends on the following 3rd party software:

• Apache WSFX Security Libraries
• PureTLS Libraries
• BouncyCastle JCE provider
• Cryptix Libraries
• Apache XML Security Libraries

Tested platforms

WS A&A Message-level and Transport-level Security should work on any platform that supports J2SE 1.3.1 or higher.

Tested Platforms for WS A&A Message-level and Transport-level Security

• Linux (Red Hat 7.3)
• Windows 2000
• Solaris 9

For More Information

Click here for more information about this component.