Assigning Message Security Responsibilities
Message security responsibilities are assigned to the following:
Application Developer
The application developer can implement message security, but is not responsible for doing so. Message security can be set up by the System Administrator so that all web services are secured, or set up by the Application Deployer when the Application Server provider configuration is insufficient.
The application developer or assembler is responsible for the following:
- Determining whether an application-specific policy is necessary for an application. If so, the developer or assembler ensures that the policy is satisfied at application assembly, communicates the requirement for application-specific message security to the Application Deployer, or implements application-specific message security, if applicable.
- Determining whether message security is necessary at the Application Server level. If so, the developer or assembler ensures that the need is communicated to the System Administrator, or implements message security at the Application Server level, if applicable.
Application Deployer
The application deployer is responsible for:
- Securing the application if it has not been appropriately secured by upstream roles (the developer or assembler) and only if an application-specific policy is appropriate for the application.
- Implementing application-specific security by adding the message security binding to the web service endpoint.
- Modifying Sun-specific deployment descriptors to add message binding information.
These security tasks are discussed in the Securing Applications chapter of the Developers’ Guide. For a link to this chapter, see "Further Information".
System Administrator
The system administrator is responsible for:
- Configuring message security providers on the Application Server.
- Managing user databases.
- Managing keystore and truststore files.
- Configuring a Java Cryptography Extension (JCE) provider if using encryption and running a version of the Java SDK prior to version 1.5.0.
- Installing the samples server in order to work with the example message security applications.
A system administrator uses the Admin Console to manage server security settings and keytool to manage certificates. This document is intended primarily for system administrators. For an overview of message security tasks, see "Configuring the Application Server for Message Security".