Chapter 8. Router solutions using Web Services Gateway 163
? Protect your services from non-authorized access.
Web Services Gateway provides a basic authentication and authorization
mechanism based upon the broader security features of WebSphere
Application Server. For more information, see “Basic authentication and
authorization facilities” on page 211.
You can also use the WS-Security support of the Web Services Gateway to
implement authentication and authorization controls.
? When possible, implement security solutions based on common
specifications, like WS-Security, facilitating interoperability.
You can configure the gateway for secure transmission of SOAP messages
using tokens, keys, signatures and encryption in accordance with the Web
Services Security (WS-Security) draft recommendation.
Security issues are discussed more in “Security” on page 211.
SOAP transport protocol
In principle, SOAP is transport protocol independent and can therefore
potentially use a variety of protocols (such as HTTP, JMS, SMTP, and others) to
connect the Web service requestor and the provider.
HTTP is currently the most popular transport protocol for SOAP. The reasons for
this mainly result from the following advantages:
? HTTP is the de facto standard on the Internet
? HTTP is wide spread
? HTTP is supported from most programming languages
? HTTP has a simple extension for security, HTTPS
? HTTP needs no complex infrastructure
But there are also some important limitations:
? HTTP is optimized for use in browser and end-user scenarios
? HTTP is a stateless communication protocol
? HTTP does not provide reliable communication
? HTTP establishes a point-to-point connection
These limitations are usually acceptable for human-to-machine communication
using a Web browser. This may not be valid when switching to
machine-to-machine communication. The requirements in machine-to-machine
communication are usually more complex and other transport protocols may be
more suitable.
For example, if you need assured, once-only delivery, message-oriented
middleware may be more suitable. In Java you can use Java Messaging Service
(JMS) with IBM WebSphere MQ. The advantages are: