This release includes the following XWS-Security features:

Note: The XWS-Security EA 2.0 APIs are intended to insulate XWS-Security users from possible changes in the internal APIs, however, these APIs are subject to minor changes between 2.0 EA and 2.0 FCS.

The XWS-Security release contents are arranged in the structure shown in Table 4-1 within the Java WSDP release:

Table 4-1  XWS-Security directory structure
Directory Name
Keystore files, property files, configuration files used for the examples.
API documentation for the XWS-Security framework.
JAR files containing the XWS-Security framework implementation and dependent libraries.
Example code. This release includes sample applications. For more information on the samples, read Are There Any Sample Applications Demonstrating XWS-Security?
Command-line tools that provide specialized utilities for keystore management. For more information on these, read Useful XWS-Security Command-Line Tools.

This implementation of XWS-Security is based on the Oasis Web Services Security (WSS) specification, which can be viewed at the following URL:


Some of the material in this chapter assumes that you understand basic security concepts. To learn more about these concepts, we recommend that you explore the following resources before you begin this chapter.