Web Service Runtime Configuration 
Security Pre-Settings at Design Time
You make security pre-settings during the Web service design in the Enterprise Services Repository for service interfaces by choosing a security profile and in the relevant AS ABAP development environment.
AS ABAP: Creating a Service Definition
Security Settings at Runtime
In the runtime configuration, you can configure service providers individually or together using profiles.
Transport Level
HTTPS
HTTP communication that is secured with SSL (Secure Sockets Layer)
More information: Configuring the AS ABAP for Supporting SSL
HTTP Authentication
The authentication information is found in the HTTP header.
User Name/Password (Basic)
X.509 Certificate
Authentication with an X.509 certificate.
Logon Ticket
Authentication with an SAP Assertion Ticket.
Message Authentication
The authentication information is found in the SOAP header.
User Name/Password (Basic)
Authentication with WS Security UsernameToken
X.509 Certificate
Authentication with a signed SOAP message, user authentication by certificate
SAML Assertion
Authentication with a signed SAML 1.1 Assertion
More information: SAML Token Profile
To use an external security token service to receive or request a SAML 1.1 token, select a Token Issuer.
More information: Single Sign-On with an External Security Token Service
Message Security/WS Security
The security settings affect the SOAP document.
WS secure conversion version 1.3
Messages are secured with a pre-defined symmetrical key. The key is re-used in further calls.
Add/Require Signature and Add/Require Encryption
Messages are secured with an XML signature and XML encryption with asymmetrical keys.
External Signature and Header Protection
You can activate the functions signature confirmation, signature encryption, and header encryption. More information: Enhanced Protection for Signature and Header
You choose one of the predefined security settings during the runtime configuration for the service consumer.
Service Groups
You can define a group of services that are consumed together from the same system.
More information on security-related aspects for service groups: Security Considerations for Service Groups
Local Web Services Calls
Security properties are not taken into account when configuration for local calls is created.
Security Settings for Logging and Tracing
You can configure security settings for logging and tracing to analyze why service calls fail.
More information: Web Service Logging and Tracing
Service Metering
Service metering provides information about which client components are consuming which Web services. The service provider collects technical information about the caller and stores the metering data. When configuring a Web service consumer, you can decide about the amount of information that is transferred to the provider. If you do not have information on where and how the Web service is provided, choose the minimal data transfer level.