It's not a secret anymore!
The moose likes Web Services and the fly likes Mark Hansen - WS-Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "Mark Hansen - WS-Security" Watch "Mark Hansen - WS-Security" New topic

Mark Hansen - WS-Security

Estevao Rohr

Joined: Jan 09, 2007
Posts: 6
Does the book "SOA Using Java Web Services" talks about WS-Security and its related standards?

I've been reading about these standards (WS-Security, XML Encryption, XML Signature, SAML, XACML) for my Mastership Degree work, and I wonder if there's some resource showing by example how to design a WS-Security-based architecture. Also another question: those are the standards I concluded I will need to implement confidenciality, integrity, authorization and authentication. Did I forget any important one?

And do you have any suggestions of tools to implement these standards?

Thank you in advance,
Estevao Rohr.
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
According to the table of contents, the book deals very little with security explicitly.

To use WS-Security you don't need to implement (or even directly use) any of the other standards you mention. The WS-Sec implementation does that for you (e.g. WSS4J, which is well-integrated with Axis).
Mark D. Hansen
Ranch Hand

Joined: May 29, 2007
Posts: 61
Ulf is right. I don't deal much with security in this book - primarily because there is no Java API for WS-Security built into Java EE 5 or Java SE 6. And that is the scope that I defined for the book.

See this blog post for some information about how to do it wth JSR-181 in the XFire toolkit.

JSR-183 is the WS-Security specification. But, not much has happened with it.

Within GlassFish, the WSIT interop framework provides some WS-Security features.

Mark D. Hansen
Founder and President, AgileIT LLC
Author of "SOA Using Java Web Services" -
I agree. Here's the link:
subject: Mark Hansen - WS-Security
It's not a secret anymore!