
Web Services and Security

Security is one of the main prerequisites for using Web services in an enterprise. Security measures generally cover both the protection of individual servers through authentication, authorization, and encryption, and the sealing off of the internal infrastructure using firewalls. Security measures for integrated e-business scenarios must be more diverse, since they concern the protection of individual services and data.

Security at transport level can be ensured by means of mechanisms used on the Internet. HTTPS sets up an encrypted connection between the client and the server and is suitable for simple situations – for example, when a client communicates directly with a single server. Every single message is sent via an encrypted channel.

This feature of HTTPS, that each message is encrypted, has two disadvantages.

First, many messages have to be encrypted and decrypted on a single server simultaneously. This can have a negative effect on system performance. Furthermore, the information provided by a Web service is not always confidential and therefore does not always need to be encrypted.

Second, a SOAP interaction is not always a point-to-point connection. More than two SOAP nodes can be involved. The additional intermediate nodes obtain information about the actions to be executed from the SOAP header. This is not possible when the message is completely encrypted using HTTPS.

At message level, a fine-grained encryption and signature concept is possible. Here it is not the transport channel but the message itself that is protected.

WS Security (OASIS WS Security) is a security model based on SOAP message transfer. WS Security essentially integrates XML Encryption and XML Signature. 
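The following added example (not SAP code and not a WS Security implementation) illustrates the message-level idea described above: an intermediary reads and rewrites a SOAP header while the body stays integrity-protected end to end. It is a simplified stand-in that uses an HMAC over the canonicalized body instead of a real XML Signature; the namespace `urn:example:demo`, the `Route` and `BodyMac` elements, the key, and the message are constructed for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
EX = "urn:example:demo"          # hypothetical namespace for this sketch
KEY = b"constructed-demo-key"    # constructed shared secret, demo only

# Constructed sample message: routing data in the header, payload in the body.
MESSAGE = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:ex="{EX}">
  <soap:Header><ex:Route>node-a</ex:Route></soap:Header>
  <soap:Body><ex:Order id="42"><ex:Amount>100</ex:Amount></ex:Order></soap:Body>
</soap:Envelope>"""

def body_mac(envelope):
    """HMAC-SHA256 over the canonical form (C14N 2.0) of the Body element."""
    body = envelope.find(f"{{{SOAP}}}Body")
    # rewrite_prefixes makes the result independent of the prefixes in use.
    canonical = ET.canonicalize(ET.tostring(body, encoding="unicode"),
                                rewrite_prefixes=True)
    return hmac.new(KEY, canonical.encode(), hashlib.sha256).hexdigest()

def sign(xml_text):
    """Sender: attach the body MAC as an additional header block."""
    env = ET.fromstring(xml_text)
    header = env.find(f"{{{SOAP}}}Header")
    ET.SubElement(header, f"{{{EX}}}BodyMac").text = body_mac(env)
    return ET.tostring(env, encoding="unicode")

def forward(xml_text, next_hop):
    """Intermediary: read and rewrite the routing header, leave the body alone."""
    env = ET.fromstring(xml_text)
    env.find(f"{{{SOAP}}}Header/{{{EX}}}Route").text = next_hop
    return ET.tostring(env, encoding="unicode")

def verify(xml_text):
    """Receiver: recompute the body MAC and compare in constant time."""
    env = ET.fromstring(xml_text)
    mac = env.findtext(f"{{{SOAP}}}Header/{{{EX}}}BodyMac") or ""
    return hmac.compare_digest(mac, body_mac(env))

if __name__ == "__main__":
    relayed = forward(sign(MESSAGE), "node-b")
    print(verify(relayed))                            # header changed, body intact
    print(verify(relayed.replace(">100<", ">999<")))  # body modified in transit
```

Only the body is covered in this sketch, so the receiver must not treat the `Route` header as authenticated. In XML Signature, the signature's references determine exactly which parts of the message are protected.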

The Web Service Framework currently provides different mechanisms for securing data transfer and assigning authorizations for the processing of documents:

· Secure communication through use of SSL
· Document security (XML Signature)
· Authentication of the client

To use a Web service, the user (or another client) sends a document with the Simple Object Access Protocol (SOAP) to a server. It is sent via the network using the HTTP protocol. The document transmission is safeguarded through the use of HTTP or SSL, or by applying signatures and/or encryption to SOAP documents using OASIS WS Security.

 

Secure Transmission

WS Security

Authentication

Authorization

Configuring Security

Configuring Signature Processing

 

 

 
