File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Web Services and the fly likes WS-Security and SOA Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "WS-Security and SOA" Watch "WS-Security and SOA" New topic

WS-Security and SOA


Joined: Mar 18, 2002
Posts: 1
I have been looking at WS-security and really can't tell which way to go. So I could really need a little input.

At my company we have done a couple of web services just for inhouse usage. We are now planning to expand this and start building services for external customers. Of course we want to secure our services with ws-security.

Should I use X.509 certificates when signing and encrypting messages or should I use other Tokens, like UserNameToken, CustomToken etc? Every turtorial I have seen uses certificates but I'm not so fond of start creating certificates for every service and customer? Any thougths?

William Barnes
Ranch Hand

Joined: Mar 16, 2001
Posts: 986

Do you want to encrypt the transaction? You can validate who you are talking to using things like SAML assertions, but if you want to encrypt you need certificates.

Please ignore post, I have no idea what I am talking about.
I agree. Here's the link:
subject: WS-Security and SOA
It's not a secret anymore!