What is the best approach for webservices security in webMethods 8 ?
There are different versions of a “best approach” for implementing security at WS level. What is your current implementation?
These are few ways that i had a chance to implement,
- You can use ACL’s,Groups and users to control access to the WSD’s and operations in it.
- You can use WS Security using WSD headers in the Provider WSD.
- You can implement a custom Gateway to manage access to the web services based on application origin (in the SOAP Body a field).
Cheers,
Akshith
Hi Akshish ,
Thanks for your reply .
We are using soap over http protocol in our webserives and i would prefer to go for WS security by making use of any existing policy file in config folder.What are the pre-requisites here and how shall i proceed further ?
Do we need certiificate for implementing message level secuty ?
While implementing WS headers, Policy files will help you define the auth,signing and encryption information for a web service. This will create the defined fields in the SOAP Header.
Refer to the 8-0-SP1_Web_Services_Developers_Guide.pdf for more information on the policy files. There is a sample policy file with some attributes defined in the same guide on page 134.
Cheers,
Akshith