How can an administrator configure Web services security?
A . Customize WS-Security policy set and bindings and attach to Web services.
B . Configure global security with LDAP authentication and map the configuration to Web services.
C . Request application developer to use Web Services Security API to achieve Web services security.
D . Enable the Web Services Metadata Exchange (WS-MetadataExchange) protocol to enable message-level security.
Answer: C
Explanation:
The Web Services Security specification provides a flexible framework for building secure web services to implement message content integrity and confidentiality. The Web Services Security service programming model supports this flexible framework by providing extension points to integrate new token formats, and methods to obtains keys needed for message protection. The application server programming model provides Web Services Security programming application programming interfaces (WSS API) for securing SOAP messages.
Note: WS-Security is a message-level standard that is based on securing SOAP messages through XML digital signature, confidentiality through XML encryption, and credential propagation through security tokens. The Web services security specification defines the facilities for protecting the integrity and confidentiality of a message and provides mechanisms for associating security-related claims with the message.