WS-Security XML Signature/Encryption

Use

WS Security is a standard for securing SOAP messages. By using WS Security, you protect the SOAP messages that are exchanged between the Web service provider and the Web service client with digital XML signatures, XML encryption, time stamps, and security tokens.

Note

WS Security affects only SOAP messages and is not supported for the HTTP GET profile, HTTP POST, or SOAP with attachments. WS Security is only supported by deployable proxies.

Prerequisites

To use WS-Security XML signatures and encryption with X.509 certificates, you need to enable the use of cryptographic functions for the AS ABAP system. More information: Digital Signatures and Encryption

Features

XML Signatures

Digital signatures are added to a SOAP document to ensure the integrity and authenticity of the message. If parts of the message are changed during transport, the signature becomes invalid and the receiving party rejects the message. Signatures can be attached to the client request and the server response. Signatures are always used in combination with a time stamp to prevent messages from being replayed (both the SOAP:Envelope/SOAP:Body element and the SOAP:Envelope/SOAP:Header/wsse:Security/wsu:Timestamp element are signed).

More information: Digital Signatures and Encryption  

Authentication with XML Signatures

You can also use digital signatures for authentication. For this purpose, the Security Provider service provides the assignment of users to X.509 certificates.

XML Encryption

Encryption is used to protect elements that are sent as part of the SOAP message. This protects the confidentiality of the message and prevents the undesired disclosure of the sent data.

More information: Digital Signatures and Encryption  

Keystores Used

| Purpose | Keystore |
| --- | --- |
| Storage location of the private key of the system, with which a message can be signed; storage location of the trusted certificates that are used to check the signature; storage location of the keys for decrypting encrypted messages. | AS Java: Keystore view WebServiceSecurity; AS ABAP: WS Security PSE WS Security Keys (WSSKEY) |
| Storage location of the keys for sending encrypted messages. | AS Java: Keystore view WebServiceSecurity_Certs; AS ABAP: WS Security PSE Other System Encryption Certs (WSSCRT) |
| Keystore that contains the certificates that the system has received for unknown reasons. These certificates are automatically created in this Keystore. | AS Java: Keystore view WebServiceSecurity_Unknown |

More information:

Keystore in AS Java: Using the AS Java Key Storage

Keystore in AS ABAP: Trust Manager