Does the book "SOA Using Java Web Services" talks about WS-Security and its related standards?
I've been reading about these standards (WS-Security, XML Encryption, XML Signature, SAML, XACML) for my Mastership Degree work, and I wonder if there's some resource showing by example how to design a WS-Security-based architecture. Also another question: those are the standards I concluded I will need to implement confidenciality, integrity, authorization and authentication. Did I forget any important one?
And do you have any suggestions of tools to implement these standards?
Thank you in advance, Estevao Rohr.
Joined: Mar 22, 2005
According to the table of contents, the book deals very little with security explicitly.
To use WS-Security you don't need to implement (or even directly use) any of the other standards you mention. The WS-Sec implementation does that for you (e.g. WSS4J, which is well-integrated with Axis).
Ulf is right. I don't deal much with security in this book - primarily because there is no Java API for WS-Security built into Java EE 5 or Java SE 6. And that is the scope that I defined for the book.
See this blog post for some information about how to do it wth JSR-181 in the XFire toolkit.
JSR-183 is the WS-Security specification. But, not much has happened with it.
Within GlassFish, the WSIT interop framework provides some WS-Security features.