Best approach for webservices security in webmethods 8

What is the best approach for webservices security in webmethods 8 ?

There are different versions of a “best approach” for implementing security at WS level. What is your current implementation?

These are few ways that i had a chance to implement,

  • You can use ACL’s,Groups and users to control access to the WSD’s and operations in it.
  • You can use WS Security using WSD headers in the Provider WSD.
  • You can implement a custom Gateway to manage access to the web services based on application origin (in the SOAP Body a field).


Hi Akshish ,

Thanks for your reply .
We are using soap over http protocol in our webserives and i would prefer to go for WS security by making use of any existing policy file in config folder.What are the pre-requisites here and how shall i proceed further ?

Do we need certiificate for implementing message level secuty ?

While implementing WS headers, Policy files will help you define the auth,signing and encryption information for a web service. This will create the defined fields in the SOAP Header.

Refer to the 8-0-SP1_Web_Services_Developers_Guide.pdf for more information on the policy files. There is a sample policy file with some attributes defined in the same guide on page 134.