Meaningless Drivel is fun!*
The moose likes Web Services and the fly likes WS-Security and SOA Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "WS-Security and SOA" Watch "WS-Security and SOA" New topic

WS-Security and SOA


Joined: Mar 18, 2002
Posts: 1
I have been looking at WS-security and really can't tell which way to go. So I could really need a little input.

At my company we have done a couple of web services just for inhouse usage. We are now planning to expand this and start building services for external customers. Of course we want to secure our services with ws-security.

Should I use X.509 certificates when signing and encrypting messages or should I use other Tokens, like UserNameToken, CustomToken etc? Every turtorial I have seen uses certificates but I'm not so fond of start creating certificates for every service and customer? Any thougths?

William Barnes
Ranch Hand

Joined: Mar 16, 2001
Posts: 984

Do you want to encrypt the transaction? You can validate who you are talking to using things like SAML assertions, but if you want to encrypt you need certificates.

Please ignore post, I have no idea what I am talking about.
I agree. Here's the link:
subject: WS-Security and SOA
Similar Threads
AXIS2 WS-Security
SSL and certificates Configuration in WebSphere Application Server 7
certificates and keys for ws-security
Web Services Security
SOA Security