• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

Mark Hansen - WS-Security

 
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Does the book "SOA Using Java Web Services" talks about WS-Security and its related standards?

I've been reading about these standards (WS-Security, XML Encryption, XML Signature, SAML, XACML) for my Mastership Degree work, and I wonder if there's some resource showing by example how to design a WS-Security-based architecture. Also another question: those are the standards I concluded I will need to implement confidenciality, integrity, authorization and authentication. Did I forget any important one?

And do you have any suggestions of tools to implement these standards?

Thank you in advance,
Estevao Rohr.
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
According to the table of contents, the book deals very little with security explicitly.

To use WS-Security you don't need to implement (or even directly use) any of the other standards you mention. The WS-Sec implementation does that for you (e.g. WSS4J, which is well-integrated with Axis).
 
author
Posts: 61
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ulf is right. I don't deal much with security in this book - primarily because there is no Java API for WS-Security built into Java EE 5 or Java SE 6. And that is the scope that I defined for the book.

See this blog post for some information about how to do it wth JSR-181 in the XFire toolkit.

JSR-183 is the WS-Security specification. But, not much has happened with it.

Within GlassFish, the WSIT interop framework provides some WS-Security features.
 
What's brown and sticky? ... a stick. Or a tiny ad.
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic