Authentication of Web Service clients can take place either through the use of an authentication mechanism (for example, HTTP Basic authentication, provided by the HTTP Protocol) or by adding a security token (WS Security). Depending on the authentication mechanism, you have different authentication options at your disposal.
Authentication Mechanism |
Effect |
None |
The Web Service client is not authenticated. |
Authentication at transport |
The Web Service client is authenticated using data that is provided through the HTTP header or the SSL protocol. · Basic Authentication (User ID/Password) Authenticates the caller, based on the user ID and password in the HTTP header. This option is supported for HTTP and HTTPS. · Strong Authentication (X.509 Client Certificate) Authenticates the caller through mutual SSL authentication. The caller must provide an SSL client certificate (see: Using X.509 Client Certificates). For more information, refer to Configuring Security. |
Authentication of the document
|
The Web Service client is authenticated through a security token that is part of the WS security header. · Basic Authentication (User ID/Password) Authenticates the caller, based on the user ID and password in the WS security SOAP header. For more information, refer to Configuring Security. |