Glossary of Message Security Terminology
The terminology used in this document is described below. The concepts are also discussed in
“Configuring the Enterprise Server for Message Security” on page 133.
Authentication Layer
The authentication layer is the message layer on which authentication processing must be
performed. The Enterprise Server enforces web services message security at the SOAP layer.
Authentication Provider
In this release of the Enterprise Server, the Enterprise Server invokes authentication
providers to process SOAP message layer security.
A client-side provider establishes (by signature or username/password) the source
identity of request messages and/or protects (by encryption) request messages such that
they can only be viewed by their intended recipients. A client-side provider also
establishes its container as an authorized recipient of a received response (by successfully
decrypting it) and validates passwords or signatures in the response to authenticate the
source identity associated with the response. Client-side providers configured in the
Enterprise Server can be used to protect the request messages sent and the response
messages received by server-side components (servlets and EJB components) acting as
clients of other services.
A server-side provider establishes its container as an authorized recipient of a received
request (by successfully decrypting it) and validates passwords or signatures in the
request to authenticate the source identity associated with the request. A server-side
provider also establishes (by signature or username/password) the source identity of
response messages and/or protects (by encryption) response messages such that they can
only be viewed by their intended recipients. Server-side providers are only invoked by
server-side containers.
Default Server Provider
The default server provider is used to identify the server provider to be invoked for any
application for which a specific server provider has not been bound. The default server
provider is sometimes referred to as the default provider.
Default Client Provider
The default client provider is used to identify the client provider to be invoked for any
application for which a specific client provider has not been bound.
Request Policy
The request policy defines the authentication policy requirements associated with request
processing performed by the authentication provider. Policies are expressed in message
sender order, so that a requirement that encryption occur after content means that
the message receiver would expect to decrypt the message before validating the signature.
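As an added illustration (not a fragment from this page or from any shipped Enterprise Server configuration), the following provider configuration expresses the "encryption after content" requirement described above in the syntax of the server's domain.xml. The element and attribute names (message-security-config, provider-config, request-policy, response-policy, auth-source, auth-recipient) are assumed from that configuration format; the provider-id and class-name values are placeholders.

```xml
<!-- Added example in the domain.xml provider-config syntax (assumed); the
     provider-id and class-name values are placeholders, not real modules. -->
<message-security-config auth-layer="SOAP" default-provider="PLACEHOLDER_ServerProvider">
  <provider-config provider-id="PLACEHOLDER_ServerProvider" provider-type="server"
                   class-name="com.example.PlaceholderServerAuthModule">
    <!-- Sender order: auth-source="content" requires the sender to sign the
         message content; auth-recipient="after-content" requires that the
         encryption for the intended recipient be applied after that signature. -->
    <request-policy auth-source="content" auth-recipient="after-content"/>
    <!-- The receiving container therefore decrypts the request first and only
         then validates the signature. The same sender-order reading applies to
         the response policy, with the roles of client and server reversed. -->
    <response-policy auth-source="content" auth-recipient="after-content"/>
  </provider-config>
</message-security-config>
```

Reading a policy in sender order is what keeps the two sides consistent: the provider that builds the message applies the operations in the order written, and the provider that consumes it undoes them in reverse. A mismatch (for example, a receiver expecting a signature over plaintext while the sender signed and then encrypted) shows up as a signature validation failure rather than a decryption error.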
Response Policy
Understanding Message Security in the Enterprise Server
Chapter 10 • Configuring Message Security 131