Home -> Toolkit -> Docs -> Development -> 3.9.4 -> Security -> Message -> Developer

GT 3.9.4 Message/Transport-level Security: Developer's Guide

• Introduction
• Architecture and design overview
• Public interface
• Usage scenarios
• Tutorials
• Feature summary
• Tested platforms
• Backward compatibility summary
• Technology dependencies
• Security considerations
• Troubleshooting
• Related Documentation

Introduction

This component contains mainly framework level code and as such developing services and clients utilizing this component does in general involve either programmatically or declaratively driving the framework level security code. Now, what does this entail? On the programmatic side of things it involves acquiring credentials, passing these credentials on to the framework and setting various authentication and protection related flags, either in a descriptor or as properties on a stub object. On the declarative side it involves setting up security descriptors, both client and service side, to prescribe the security policy used to drive the security framework code.

Architecture and design overview

[link to architecture and design docs]

Public interface

The semantics and syntax of the APIs and WSDL for the component, along with descriptions of domain-specific structured interface data, can be found in the public interface guide.

Usage scenarios

[describe how to use the programatic interfaces of the component, provide examples]

Tutorials

[add links to any tutorials - if no tutorials, say "There are no tutorials available at this time"]

Feature summary

Features new in release 3.9.4

• Compliance with published IBM/Microsoft WS-SecureConversation specification
• Compliance with the Web Services Security 1.0 standard

Other Supported Features

• Message encryption, integrity protection and digital signature
• Establishment of a session key for light-weight message protection

Deprecated Features

• GT 3.2 SecureConversation protocol

Tested platforms

WS A&A Message-level and Transport-level Security should work on any platform that supports J2SE 1.3.1 or higher.

Tested Platforms for WS A&A Message-level and Transport-level Security

• Linux (Red Hat 7.3)
• Windows 2000
• Solaris 9

Backward compatibility summary

Protocol changes in WS Authentication and Authorization Message-Level Security since GT version 3.2

• WS-SecureConversation updated to reflect published IBM/Microsoft specification.
• Web Services Security updated to reflect published OASIS standard (1.0).

API changes since GT version 3.2

• N/A

Exception changes since GT version 3.2

• N/A

Schema changes since GT version 3.2

• N/A

Technology dependencies

WS Authentication and Authorization Message-Level Security depends on the following GT components:

• The C implementation depends on C WS Core.
• The Java implementation depends on Java WS Core.

WS Authentication and Authorization Message-Level Security depends on the following 3rd party software:

• Apache WSFX Security Libraries
• PureTLS Libraries
• BouncyCastle JCE provider
• Cryptix Libraries
• Apache XML Security Libraries

Security considerations

[describe security considerations relevant for this component]

Troubleshooting

[TODO]

Related Documentation

[could link to pdfs and whitepapers about protocols, etc re: the component]