This week's book giveaway is in the Security forum.
We're giving away four copies of Penetration Testing Basics and have Ric Messier on-line!
See this thread for details.
Win a copy of Penetration Testing Basics this week in the Security forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Is the way IBM implements WS-Security viable?

Peter Hu
Ranch Hand
Posts: 33
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In its WebSphere Application server IBM implements some of the WS-Security standard. Yet it uses the declaretive model, i.e. the aliases, passwords(encrypted) and names of certificates and keys are stored in the deployment descriptor XML file. Every time when a new certificate or private key is added, the descriptor file needs to be updated and the project has to be redeployed, needless to say the server has to be restarted. How does this approach can handle a broad consumer-based Web Service?

  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic