SOA Security Manager Features

The following SOA Security Manager features enable you to implement secure web services:

Support for several leading web and application servers.
Transport-level and content-level authentication schemes for message authentication without user intervention.
Fine-grained access control model that allows authorization policies to be based on information at any layer of the XML message (transport, envelope, or payload—body of the message).
Full support for generation and consumption of WS-Security (Web Services Security) SOAP headers containing Security Assertion Markup Language (SAML) assertion, X.509v3 certificate, or password digest security tokens. WS-Security support allows authentication and authorization information to be passed securely between multiple web services.
Support for generation and consumption of SAML Session Ticket assertions (which contain an encrypted session ticket and a public key for synchronized sessions). SAML Session Ticket support allows authentication and authorization information to be passed securely between multiple web services within a Policy Server domain.
SOA Security Manager SDK provides two APIs:
- Web Service Client API—A Java API that greatly simplifies the task of creating web service consumer applications.
- SOA Agent Content Helper API—A Java API that allows you to create XML-enabled custom agents for web servers.