Recommended WS Security ScenariosLocate this document in the navigation structure

We recommend a number of scenarios that combine authentication mechanisms and connection security. The table below provides you with assistance in deciding which scenario is useful when.

The scenarios are divided by the logon mechanisms used for logging on to the WS provider. Some scenarios use a fixed service user, while with others, the identity of the user logged on to the WS consumer is propagated to the WS provider (Single Sign-On). Single Sign-On can be implemented using a number of techniques, depending on the authentication method in use.

Web Service messages can be passed through any number of connections and, potentially, many intermediary stations. Point-to-point or connection-oriented security at the HTTP transport level may be insufficient or inappropriate for supporting this decoupled interaction. Security at the message level, on the other hand, guarantees security between the end points that is independent of the security used between the intermediary stations.

Table 1: Decision Matrix

Scenario (Authentication + Connection Security)

Single Sign-On (Propagation of the Identity of the WS User)

Security at Message Level

SAML & WS SecureConversation

X

X

WS Security UsernameToken & WS SecureConversation

 

X

User ID and Password in HTTP Header & HTTPS

   

Authentication Assertion Ticket & HTTPS

X

  

X.509 SSL Client Certificate through HTTPS

   

WS Security: X.509 Certificate Authentication at Message Level

 

X
Related Information
Authentication for Web Services
Configuration Examples for AS ABAP
Configuration Examples for AS Java