Related content:

Question Difference between Authentication Profile and WS Security profile ? Discussion What is the Difference between Soap Service and Http Service Discussion Web Service Security profile, certificates and keystore not working Discussion Web Service Security profile, certificates and keystore not working Question What is the difference between Service Invocations and Web User Invocations Question What is the difference between Unified Service Desk (USD) and Pega Web mash Up. Question Difference between application profile and application document? Question What is the difference between Truststore and Keystore mentioned in WS-Security profile of Connect-SOAP rule in Pega Question Difference between connectors and services Question What is difference between Activity and data transform.

Question

2
Replies
154
Views
DineshKumarD9112 Member since 2017 20 posts
Accenture
Posted: 1 year ago
Last activity: 1 year ago
Closed
Solved

What is the difference between WS Security Profile and Web Service Policy and where to use it what?

Hi All,

I have got confused on where to use WS Security Profile and Web Service Policy. Could you please clear my doubts and also share any article that explains how to configure both for SOAP Services.

Pega Platform Low-Code App Development Dev/Designer Studio
Close popover
Moderation Team has archived post
Posted: 1 year ago

Hi,


Web Services Security (WS-Security) is an extension to SOAP to apply security to Web services.

The protocol specifies how integrity and confidentiality can be enforced on messages and allows the communication of various security token formats, such as Security Assertion Markup Language (SAML), Kerberos, and X.509. Its main focus is the use of XML Signature and XML Encryption to provide end-to-end security.


Web Service policy (WS-Policy) is a specification that allows web services to use XML to advertise their policies (on security, quality of service, etc.) and for web service consumers to specify their policy requirements.

WS-Policy represents a set of specifications that describe the capabilities and constraints of the security (and other business) policies on intermediaries and end points (for example, required security tokens, supported encryption algorithms, and privacy rules) and how to associate policies with services and end points.


Thank You,

Accepted Solution
Posted: 1 year ago

Hi Dinesh,


WS-Policy will describe how senders and receivers can specify their requirements and capabilities.WS-Policy will be fully extensible and will not place limits on the types of requirements and capabilities that may be described; however, the specification will likely identify several basic service attributes including privacy attributes, encoding formats, security token requirements, and supported algorithms. This specification will define a generic SOAP policy format, which can support more than just security policies. This specification will also define a mechanism for attaching service policies to SOAP messages.


WS-Security describes enhancements to SOAP messaging to provide quality of protection through message integrity and message confidentiality. Message integrity is provided by leveraging XML Signature in conjunction with security tokens (which may contain or imply key data) to ensure that messages are transmitted without modifications. Similarly, message confidentiality is provided by leveraging XML Encryption in conjunction with security tokens to keep portions of SOAP messages confidential. Finally, WS-Security describes a mechanism for encoding binary security tokens.


https://community.pega.com/sites/default/files/help_v717/rule-/rule-connect-/rule-connect-soap/advanced.htm


 


Thanks


 
Share this page LinkedIn
Copied!