Security is a key element of every Enterprise application, but in the recent years it has become even more important for Web Services. The reasons for all this hype on the Web Service security is due to the fact that the exposure of Web Services is rapidly moving from secure intranets to the insecure Internet. In addition, the kind of business around these services is often engaged without any prior human relationship, leaving all security issues to be addressed by the underlying technology.

Released by the OASIS consortium in 2004, the Web Services Security (WS-Security) specification (http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss) provides a set of mechanisms to help developers of Web Services to secure ...