
WS SecureConversation

 

This standard, specified by OASIS for Web Services security, describes how signatures and encryption with X.509 certificates are used to protect SOAP messages. With the defined security mechanism, a WS consumer can send a signed and encrypted message to a recipient. The consumer encrypts the message with the public key of the server and signs it with the private key of the client.

WS SecureConversation

  • Secures SOAP communication over HTTP for Web Services

  • Defines how the WS provider and WS consumer communicate without using asymmetric encryption, since symmetric encryption saves time

  • Ensures unbroken communication, since the key is in the SOAP header (there is no need, for example, to interrupt communication with a reverse proxy)

  • Defines how a security context can be set up and shared and how to derive session keys

If several messages are exchanged rather than just one, it is more efficient for the communication partners to build and share a security context. Public-key cryptography is then used only to negotiate the symmetric keys.
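How session keys are derived from a shared security context, as an added example that is not part of the original documentation or of SAP's implementation: it implements the P_SHA-1 derived-key function that the WS-SecureConversation specification defines (P_SHA-1 from RFC 2246 over label + nonce, default label, offset 0 and length 32). The function names, the context secret and the nonces are constructed for illustration.

```python
import hashlib
import hmac

# Default label the specification uses when a derived key token names none.
DEFAULT_LABEL = b"WS-SecureConversationWS-SecureConversation"


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA-1 expansion from RFC 2246, section 5."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def derive_key(context_secret: bytes, nonce: bytes, label: bytes = DEFAULT_LABEL,
               offset: int = 0, length: int = 32) -> bytes:
    """Derived key = P_SHA-1(secret, label + nonce)[offset : offset + length]."""
    if not nonce:
        raise ValueError("key derivation needs a nonce")
    if offset < 0 or length <= 0:
        raise ValueError("offset must be >= 0 and length > 0")
    stream = p_sha1(context_secret, label + nonce, offset + length)
    return stream[offset:offset + length]


# Constructed sample values. In a real exchange the secret is negotiated once
# when the security context is set up, and each derived key token carries a
# fresh random nonce.
CONTEXT_SECRET = bytes(range(32))
NONCE_MSG_1 = b"\x01" * 16
NONCE_MSG_2 = b"\x02" * 16

if __name__ == "__main__":
    # Consumer and provider each run the same derivation on their own side.
    consumer_key = derive_key(CONTEXT_SECRET, NONCE_MSG_1)
    provider_key = derive_key(CONTEXT_SECRET, NONCE_MSG_1)
    print("both sides agree:", hmac.compare_digest(consumer_key, provider_key))
    print("message 1 key:", consumer_key.hex())
    print("message 2 key:", derive_key(CONTEXT_SECRET, NONCE_MSG_2).hex())
```

Only the nonce travels in the SOAP header; the context secret never does, so each message can use a different symmetric key without another public-key operation.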

SAP initially uses the security context primarily so that WS-ReliableMessaging can reuse it, which allows the server to contact the client.

Prerequisites

No additional configuration is required to use WS-SecureConversation.