Since the J2EE Web service security model is based on the J2EE platform security model, do we need to know the details of J2EE platform security model to clear the exam? Would it be enough if we just learn the part applying to Web Service? Thanks.
I believe the exam will require us to know a little further than just J2EE security. I think it will have questions on security at the transport level (like HTTP over SSL) and at the content level (like XML Digital signature, XML Encryption, SAML, etc).
It might even have something on the Liberty Project.
I found a very good audio cast on this topic at the Sun site. It gives you a high level idea of WS Security. Hope that helps. Cheers.