GeeCON Prague 2014*
The moose likes Web Services and the fly likes WS-Security and SOA Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » Web Services
Bookmark "WS-Security and SOA" Watch "WS-Security and SOA" New topic
Author

WS-Security and SOA

peter
Greenhorn

Joined: Mar 18, 2002
Posts: 1
I have been looking at WS-security and really can't tell which way to go. So I could really need a little input.

Background:
At my company we have done a couple of web services just for inhouse usage. We are now planning to expand this and start building services for external customers. Of course we want to secure our services with ws-security.

Question:
Should I use X.509 certificates when signing and encrypting messages or should I use other Tokens, like UserNameToken, CustomToken etc? Every turtorial I have seen uses certificates but I'm not so fond of start creating certificates for every service and customer? Any thougths?

/Peter
William Barnes
Ranch Hand

Joined: Mar 16, 2001
Posts: 986

Do you want to encrypt the transaction? You can validate who you are talking to using things like SAML assertions, but if you want to encrypt you need certificates.


Please ignore post, I have no idea what I am talking about.
 
GeeCON Prague 2014
 
subject: WS-Security and SOA