Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Mark Hansen - WS-Security

 
Estevao Rohr
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Does the book "SOA Using Java Web Services" talks about WS-Security and its related standards?

I've been reading about these standards (WS-Security, XML Encryption, XML Signature, SAML, XACML) for my Mastership Degree work, and I wonder if there's some resource showing by example how to design a WS-Security-based architecture. Also another question: those are the standards I concluded I will need to implement confidenciality, integrity, authorization and authentication. Did I forget any important one?

And do you have any suggestions of tools to implement these standards?

Thank you in advance,
Estevao Rohr.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
According to the table of contents, the book deals very little with security explicitly.

To use WS-Security you don't need to implement (or even directly use) any of the other standards you mention. The WS-Sec implementation does that for you (e.g. WSS4J, which is well-integrated with Axis).
 
Mark D. Hansen
author
Ranch Hand
Posts: 61
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ulf is right. I don't deal much with security in this book - primarily because there is no Java API for WS-Security built into Java EE 5 or Java SE 6. And that is the scope that I defined for the book.

See this blog post for some information about how to do it wth JSR-181 in the XFire toolkit.

JSR-183 is the WS-Security specification. But, not much has happened with it.

Within GlassFish, the WSIT interop framework provides some WS-Security features.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic