WS Security

As mentioned earlier, the WS Security specification and an addendum to it were initially published by IBM, Microsoft and VeriSign and have now been submitted to OASIS for further development as a standard. At the time of finalizing this chapter (May 2003), the OASIS Technical Committee has not published the final specification. So our discussion here is going to be based on the original proposed specification and the addendum to it. It goes without saying that there are no standard Java APIs for it.

Why bother covering WS Security if it is yet not a standard and there are no standard Java APIs for it? The reason has to do with its significance to Web services security. Transport-level security is just not adequate for a number of ...

Get J2EE™ Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.