Web services validating the sender
Transport-level security secures the communications channel between applications.An example of a transport-level security protocol is Secure Socket Layer (SSL), otherwise known as Transport Layer Security (TLS), the Internet Engineering Task Force (IETF) officially standardized version of SSL.For more information about the specifications and standards supported by Web services, see Appendix A, "Web Service Security Standards." Oracle Web Services Manager (WSM) is designed to define and implement Web services security in heterogeneous environments, including authentication, authorization, message encryption and decryption, signature generation and validation, and identity propagation across multiple Web services used to complete a single transaction.Security concepts can be divided into those that pertain to the transport level and to the application level.(SSL provides point-to-point security, as opposed to end-to-end security.) SSL can be used in three modes: SSL uses a combination of secret-key and public-key cryptography to secure communications.
This chapter describes the concepts behind Web services security.
Public-key certificates (or certificates, for short) are used to guarantee the integrity of public keys.
Web services security requirements are supported by industry standards both at the transport level (Secure Socket Layer) and at the application level relying on XML frameworks.
However, Web services security systems such as OWSM only use SAML assertions.
The protocol and bindings are taken care of by WS-Security and the transport protocol, for example HTTP.
When using digest authentication: The advantage of digest authentication is it is resistant to replay attacks.