I was disappointed that there was not better coverage of Authorization/Authentication/Encryption for Web Services in "Spring In Action" and "Roo in Action".
I assume JAAS has some of these features. Can someone recommend a good resource, a book perhaps, that explains JAAS basic/digest, X509 Certificates, SSL, various standards for passing credentials, and other concerns with putting a REST or XML Web service behind a pay wall? Why are these topics not covered in books on Spring? Do I need to look in EJB books? Do I need to look in Web Server books like the Tomcat book? Where should I look?
I'm developing an public API for some proprietary algorithms I want to put behind a pay wall. I need to selected a vitalization service like Amazon S3 or Azure to host it and I would like to see a discussion of my various options (besides sending passwords as clear text with Basic authentication).