Previous Topic: Authentication Service ModelsNext Topic: Configure Authentication Schemes to Verify User Identities Obtained from Web Service Requests

Web Services Security GuidesCA SiteMinder® Web Services Security Policy Configuration GuideIntroducing CA SiteMinder® Web Services SecurityHow to Develop and Deploy CA SiteMinder® Web Services Security Protected Web Services

How to Develop and Deploy CA SiteMinder® Web Services Security Protected Web Services

To develop a web service implementation protected with CA SiteMinder® Web Services Security, do the following:

  1. Determine how many web services, locally or at federated sites, will be used to perform the required functionality.
  2. Choose an authentication service model by determining the following:
  3. For each web service in your web service implementation, determine the following:
    1. Define the service interface. The simplest form of interface for a web service can be specified as a set of XML schemas. These schemas dictate the type of XML document to be sent to the web service and what type of document the sender can expect in return.
    2. Build the web service implementation to accommodate an incoming XML document of the type specified in the interface and turn that XML document into a meaningful set of calls to the integrated back-end systems that the web service exposes.
    3. Deploy your web service implementation to a web server or application server protected by a SiteMinder WSS Agent. You direct consumers of your web service to send their XML message requests to this URI to access the web service.
    4. Configure CA SiteMinder® Web Services Security policies to determine how the SiteMinder WSS Agent should authenticate, authorize, and process the XML message before it passes it onto the web service implementation for handling.

      Once it receives a message from the SiteMinder WSS Agent, the web service should return an applicable XML response to the calling web service consumer application or the next.