
WS-SecureConversation

Use

This standard, specified by OASIS for Web Services security, describes how signatures and encryption are used to protect SOAP messages with X.509 certificates. With the defined security mechanism, a consumer can send a signed and encrypted message to a recipient. The consumer uses the public key of the server to encrypt and the private key of the client to sign.

WS-SecureConversation

      Secures SOAP communication over HTTP for Web Services

      Defines how the provider and consumer communicate without using asymmetric encryption, since symmetric encryption saves time

      Ensures unbroken communication, since the key is in the SOAP header (there is no need, for example, to interrupt communication with a reverse proxy)

      Defines how a security context can be set up and shared and how to derive session keys

If a number of messages are exchanged rather than just one, it is more efficient for the communication partners to build and share a security context. In addition, public-key cryptography is then used only to negotiate symmetric keys.

SAP is initially using the security context primarily to allow WS-ReliableMessaging to reuse a security context, so that the server can contact the client.
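
How session keys can be derived from a shared security context, as an added example that is not SAP code. It goes beyond this page by following the P_SHA-1 derivation and default label defined in the OASIS WS-SecureConversation specification; the 16-byte signing/encryption split and all sample values are assumptions of the example.

```python
import hashlib
import hmac
import os

# Default label defined by the WS-SecureConversation specification.
DEFAULT_LABEL = b"WS-SecureConversationWS-SecureConversation"


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.0 P_SHA-1 (RFC 2246, section 5): expand secret and seed to `length` bytes."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]


def derive_key(context_secret: bytes, nonce: bytes, length: int = 32,
               offset: int = 0, label: bytes = DEFAULT_LABEL) -> bytes:
    """Return bytes [offset, offset+length) of P_SHA1(secret, label + nonce),
    the key material a DerivedKeyToken describes."""
    if not context_secret or not nonce:
        raise ValueError("context secret and nonce must be non-empty")
    if length <= 0 or offset < 0:
        raise ValueError("length must be positive and offset non-negative")
    stream = p_sha1(context_secret, label + nonce, offset + length)
    return stream[offset:offset + length]


def derive_message_keys(context_secret: bytes, nonce: bytes):
    """Split one derivation into a signing key and an encryption key.
    The 16-byte split is a hypothetical choice made for this example."""
    return (derive_key(context_secret, nonce, length=16, offset=0),
            derive_key(context_secret, nonce, length=16, offset=16))


if __name__ == "__main__":
    secret = os.urandom(32)  # constructed stand-in for the shared context secret
    for i in range(2):       # a fresh nonce per message yields fresh session keys
        sig_key, enc_key = derive_message_keys(secret, os.urandom(16))
        print(i, sig_key.hex(), enc_key.hex())
```

Both partners hold the context secret, so only the nonce travels in the SOAP header and each side computes the same symmetric keys without another public-key operation.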

Prerequisites

To use WS-SecureConversation, no additional configuration is required, but the following requirements must be met:

      To use WS-Security XML signatures and encryption with X.509 certificates, you need to enable the use of cryptographic functions for the AS ABAP system. More information: Digital Signatures and Encryption   

      The corresponding option is selected in the configuration (for example, in SOAMANAGER).

      Both the consumer and provider systems have an SSL trust relationship.

More information:

       Configuring the AS ABAP for Supporting SSL   

       Configuring the Use of SSL on the AS Java  

 
