Configuration Guides › Policy Server Configuration Guide › Authentication Schemes › WS‑Security Authentication › Additional WS‑Security Features › XML Encryption › XML Encryption and Decryption Service Use Case

XML Encryption and Decryption Service Use Case

In multistep and chain authentication service models, encryption or decryption may be considered part of message preparation before sending to the ultimate destination. Thus, the SOA Security Manager XML encryption and decryption functionality might typically be used to implement a WS‑Security encryption or decryption web service.

For example, consider a business relationship between two companies—Company A and Company B. Company A wants to end detailed bids on contracts to Company B without unauthorized personnel at Company B seeing the message (as would be the case if it was simply sent over an SSL link).

To implement this business logic using SOA Security Manager-protected web services, Company A develops the following:

• A web service consumer application that takes the bid, places it in XML format and wraps it with SOAP headers, placing Company B’s X.509 certificate in a WS‑Security header. The application then sends it to Company A’s encryption web service.
• An encryption web service protected by the WS‑Security authentication scheme and an authorization policy configured to do the following:
  • Obtain the intended recipient's public key certificate (in this case Company B's certificate) from the message headers
  • Encrypt the required header and message elements.

  The encryption web service then forwards the encrypted message to a decryption web service at Company B.

Company B develops a Decryption web service protected by the WS‑Security authentication scheme and an authorization policy configured to deliver the decrypted version of message header/body elements.