WS-Security

The SAP documentation (see http://help.sap.com/saphelp_nw70ehp1/helpdata/en/48/8ebbba66be06b2e10000000a42189b/frameset.htm) describes a list of recommended WS-Security scenarios based on SAP WS-Consumers and WS-Providers.The documentation falls short when it comes to non-SAP WS-Consumers and WS-Providers.The purpose of this Wiki is to fill this gap and to:

• Explain which scenarios are recommended
• Provide example configurations

Choosing a Scenario

Security for SOAP messages can either be implemented by:

1. using transport security (that means https) and providing transport credentials such as username/password or tickets for authentication
2. or by using WS-Security and securing the SOAP message by XML-Signature/XML Encryption and using message credentials such as Username tokens or SAML tokens for authentication
3. or using transport security for ensuring confidentiality of the messages and message credentials such as Username tokens or SAML tokens for authentication.

Therefore when selecting the security for your scenario, you need to asnwer the following questions:

1. What mechanism shall be used for ensuring confidentiality: XML Signature/XML Encryption or https?
2. Does the scenario require single sign-on between WS-Consumer and WS-Provider or is a dedicated service user used