This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Web Services and the fly likes Mark Hansen - WS-Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Mark Hansen - WS-Security" Watch "Mark Hansen - WS-Security" New topic

Mark Hansen - WS-Security

Estevao Rohr

Joined: Jan 09, 2007
Posts: 6
Does the book "SOA Using Java Web Services" talks about WS-Security and its related standards?

I've been reading about these standards (WS-Security, XML Encryption, XML Signature, SAML, XACML) for my Mastership Degree work, and I wonder if there's some resource showing by example how to design a WS-Security-based architecture. Also another question: those are the standards I concluded I will need to implement confidenciality, integrity, authorization and authentication. Did I forget any important one?

And do you have any suggestions of tools to implement these standards?

Thank you in advance,
Estevao Rohr.
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 41073
According to the table of contents, the book deals very little with security explicitly.

To use WS-Security you don't need to implement (or even directly use) any of the other standards you mention. The WS-Sec implementation does that for you (e.g. WSS4J, which is well-integrated with Axis).

Ping & DNS - my free Android networking tools app
Mark D. Hansen
Ranch Hand

Joined: May 29, 2007
Posts: 61
Ulf is right. I don't deal much with security in this book - primarily because there is no Java API for WS-Security built into Java EE 5 or Java SE 6. And that is the scope that I defined for the book.

See this blog post for some information about how to do it wth JSR-181 in the XFire toolkit.

JSR-183 is the WS-Security specification. But, not much has happened with it.

Within GlassFish, the WSIT interop framework provides some WS-Security features.

Mark D. Hansen
Founder and President, AgileIT LLC
Author of "SOA Using Java Web Services" -
I agree. Here's the link:
subject: Mark Hansen - WS-Security
Similar Threads
How to learn WS*?
Mark Hansen - WS-Security
Difference between Web Services 1.0 standard from 2004 and the 1.1 standard from 2006
Next Generation of Web Services
[To Authors] State of the webservices world