O'Reilly logo

Java Web Services: Up and Running by Martin Kalin

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

WS-Security

WS-Security is a family of specifications (see Figure 5-6) designed to augment wire-level security by providing a unified, transport-neutral, end-to-end framework for higher levels of security such as authentication and authorization.

The WS-Security specifications

Figure 5-6. The WS-Security specifications

The layered blocks above WS-Security in Figure 5-6 can be clarified briefly as follows. The first layer consists of WS-Policy, WS-Trust, and WS-Privacy. The second layer of WS-SecureConversation, WS-Federation, and WS-Authorization builds upon this first layer. The architecture is thus modular but also complicated. Here is a short description of each specification, starting with the first layer:

WS-Policy

This specification describes general security capabilities, constraints, and policies. For example, a WS-Policy assertion could stipulate that a message requires security tokens or that a particular encryption algorithm be used.

WS-Trust

This specification deals primarily with how security tokens are to be issued, renewed, and validated. In general, the specification covers broker trust relationships, which are illustrated later in a code example.

WS-Privacy

This specification explains how services can state and enforce privacy policies. The specification also covers how a service can determine whether a requester intends to follow such policies.

WS-SecureConversation

This specification covers, as the name ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required