Web Services Security

Feature	Type of Change	Description
Support for WS Secure Conversation and Other Security Options	Enhanced	Web services (WS) can use SOAP message security options for fault reporting, message age, and WS Secure Conversation. Fault reporting provides functions to report to the WS provider faults that occurred during the message transmission. Message age provides functions to add elements to reject a WS message that does not arrive within the configured time period. WS secure conversation enables the WS consumer and the WS provider to establish a security context for the communication of WS messages.
Asymmetric signature and encryption	New	More information: WS Security XML Signature/Encryption
Creating a connection with SecureConversation using symmetric signature and encryption or asymmetric signature and encryption.	New	SecureConversation can now be created using not only SSL, but also using symmetrical signature and encryption and asymmetric signature and encryption. More information: Configuring WS-Securtiy UsernameToken and WS-SecureConversation (Symmetric Connection Creation) Configuring SAML Sender-Vouches and WS-SecureConversation (Asymmetric Connection Creation)
Requesting and receiving security tokens from the Security Token Service (STS)	New	As a WS provider system, the AS ABAP can process SAML 1.1 and SAML 2.0 tokens that are issued by an external STS. As a WS consumer system, AS ABAP can request tokens of this type from the STS. For more information, see Single Sign-On with an External Security Token Service .
Enhanced protection of signature and header	New	When configuring the provider system in the SOA Manager, the new configuration option Enhanced Protection of Signature and Header is available to you using features defined in WS Security 1.1. With this setting, you activate the functions signature confirmation, signature encryption, and header encryption. For more information, see Enhanced Protection of Signature and Header .

Feature	Type of Change	Description
Web Service Message Confidentiality with XML Encryption	New	The SAP NetWeaver AS Java enables the use of XML encryption for protecting the confidentiality of Web service messages. XML encryption in SAP NetWeaver is based on the OASIS standard for WS-Security and enables protection of the confidentiality of the message sections in the SOAP envelop without relying on network transmission security mechanisms such as Secure Sockets Layer.
WS Consumer and Provider Authentication Using SAML Token Profile	New	Web service messages can use Security Assertion Markup Language (SAML) token profiles for AS Java Web service message authentication. Web service message authentication with SAML token profiles enables authentication with the Sender Vouches Subject Confirmation Method, where the WS consumer system has a preconfigured trust relationship with the WS provider system.
Support for WS Secure Conversation and Other Security Options	Enhanced	Web services (WS) can use SOAP message security options for fault reporting, message age, and WS Secure Conversation. Fault reporting provides functions to report to the WS provider faults that occurred during the message transmission. Message age provides functions to add elements to reject a WS message that does not arrive within the configured time period. WS secure conversation enables the WS consumer and the WS provider to establish a security context for the communication of WS messages.
Asymmetric signature and encryption	New	More information: WS Security XML Signature/Encryption