O'Reilly logo
  • Andrew Ireland thinks this is interesting:

One limitation of WS-Security, as compared to SSL and other options, is that it can only be used with WS-* web services (SOAP based services). This is a limitation because although SOAP-based web services are a popular option for implementing SOA, they aren’t the only option. Also, if you use WS-Security for all the messages, it’s likely to be slower than SSL because SSL can work at the bit level and be streamed, whereas WS-Security requires complete messages.


Cover of SOA Patterns


WS-Security limitations/restrictions to consider