Identifying security/authentication mechanism from WSDL

Sorry if I am posting this again but I am newbie in Web Services and recently been tasked to work upon SOAP Web services. Before even I create stubs, I would like to understand about various security mechanisms allowed for SOAP Web Services.

Like I said, WSDL has been provided to me from service provider and I need to understand, what kind of security I need to apply i.e. Transport level Authentication, Header based security tokenization etc? I am throwing these words since somebody told me something about it but how can I find and validate it with my WSDL?

If you can throw any pointers/book, it would be highly appreciable.

You will need to ask the WS provider what security mechanisms are in place.

Thanks Ulf, so you mean by no way I can identify any security parameters from provided WSDL?

It can be specified in the WSDL via WS-Policy, but that's not always the case: http://www.ibm.com/developerworks/opensource/library/j-jws18/index.html

Ulf Dittmer wrote:It can be specified in the WSDL via WS-Policy, but that's not always the case: http://www.ibm.com/developerworks/opensource/library/j-jws18/index.html

Thanks Ulf, I also got a chance to read your article and I loved reading it. Let me go through these policies from IBM and come back with my questions. Meanwhile, as I requested earlier, would you recommend any complete reference for Web Services specifically for SOAP?

The best reference would be the various WS-* specifications. If you're actually looking for introductions, check the WebServicesFaq.