Does the book "SOA Using Java Web Services" talks about WS-Security and its related standards?
I've been reading about these standards (WS-Security, XML Encryption, XML Signature, SAML, XACML) for my Mastership Degree work, and I wonder if there's some resource showing by example how to design a WS-Security-based architecture. Also another question: those are the standards I concluded I will need to implement confidenciality, integrity, authorization and authentication. Did I forget any important one?
And do you have any suggestions of tools to implement these standards?
According to the table of contents, the book deals very little with security explicitly.
To use WS-Security you don't need to implement (or even directly use) any of the other standards you mention. The WS-Sec implementation does that for you (e.g. WSS4J, which is well-integrated with Axis).
Ulf is right. I don't deal much with security in this book - primarily because there is no Java API for WS-Security built into Java EE 5 or Java SE 6. And that is the scope that I defined for the book.
See this blog post for some information about how to do it wth JSR-181 in the XFire toolkit.
JSR-183 is the WS-Security specification. But, not much has happened with it.
Within GlassFish, the WSIT interop framework provides some WS-Security features.