Overview

Authentication

PPM Web services uses the Web Services Security specification (WS-Security) to secure SOAP message exchanges. PPM Web services relies on a Rampart module integrated with the Axis2 Web service engine to provide WS-Security support.

For more information about the WS-Security specification, go to the following site:

http://www.oasis-open.org/specs/index.php#wssv1.1

The WS-Security specification defines a set of standard SOAP headers to provide quality of protection through the following mechanisms:

  • Message integrity (XML signature)

  • Message confidentiality (XML encryption)

  • Single message authentication (user name token authentication, Kerberos authentication, X.509 certificate authentication, and so forth)

These mechanisms can be used to accommodate a wide variety of security models. The WS-Security specification is considered a message-level authentication protocol because all security information is carried within the SOAP message.

Out of the box, PPM supports WS-Security user name token authentication, timestamp validation, and encryption of WS-Security headers. PPM also supports HTTP basic authentication (HTTP transport-level authentication protocol), as well as HTTPS (secure) authentication.
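The following is an added example, not PPM's or Rampart's own code: it builds a SOAP 1.1 envelope whose header carries a WS-Security user name token and timestamp, and shows the receiver-side freshness check that timestamp validation implies. The user name, password, PasswordText password type, 300-second lifetime and 60-second clock-skew allowance are assumptions chosen for illustration.

```python
import datetime as dt
import xml.etree.ElementTree as ET

# Namespaces from the OASIS WS-Security 1.0 schemas and SOAP 1.1.
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PW_TEXT = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
FMT = "%Y-%m-%dT%H:%M:%SZ"  # UTC timestamps, as naive datetimes in this example


def build_envelope(user, password, now, ttl_seconds=300):
    """Return a SOAP envelope whose header carries Timestamp + UsernameToken."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    sec = ET.SubElement(header, f"{{{WSSE}}}Security", {f"{{{SOAP}}}mustUnderstand": "1"})
    ts = ET.SubElement(sec, f"{{{WSU}}}Timestamp")
    ET.SubElement(ts, f"{{{WSU}}}Created").text = now.strftime(FMT)
    ET.SubElement(ts, f"{{{WSU}}}Expires").text = (now + dt.timedelta(seconds=ttl_seconds)).strftime(FMT)
    tok = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(tok, f"{{{WSSE}}}Username").text = user
    ET.SubElement(tok, f"{{{WSSE}}}Password", {"Type": PW_TEXT}).text = password
    ET.SubElement(env, f"{{{SOAP}}}Body")
    return ET.tostring(env, encoding="unicode")


def check_header(xml_text, now, max_skew_seconds=60):
    """Receiver-side check: return (username, verdict) for the Security header."""
    # A production receiver should parse untrusted XML with a hardened parser.
    env = ET.fromstring(xml_text)
    sec = env.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    if sec is None:
        return None, "missing Security header"
    user = sec.findtext(f"{{{WSSE}}}UsernameToken/{{{WSSE}}}Username")
    created = sec.findtext(f"{{{WSU}}}Timestamp/{{{WSU}}}Created")
    expires = sec.findtext(f"{{{WSU}}}Timestamp/{{{WSU}}}Expires")
    if not (user and created and expires):
        return user, "incomplete Security header"
    created_at = dt.datetime.strptime(created, FMT)
    expires_at = dt.datetime.strptime(expires, FMT)
    skew = dt.timedelta(seconds=max_skew_seconds)
    if created_at > now + skew:
        return user, "timestamp created in the future"
    if now > expires_at:
        return user, "timestamp expired"
    return user, "fresh"
```

With the PasswordText type the password travels in clear inside the message, which is why the header encryption or HTTPS transport mentioned above matters for this token type.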

PPM Web services can also be integrated with third-party single sign-on software such as SiteMinder.

Authorization

PPM Web services follows the same authorization model as Web applications. Refer to the Security Model Guide and Reference for details on specific functional areas. This section focuses only on authentication.