In message security, security information is inserted into messages so that it travels through the networking layers and arrives with the message at the message destination. Message security differs from transport layer security. Message security can be used to decouple message protection from message transport so that the message remains protected after transmission. For more information on security, see http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security2.html#wp268799.
JSR-196, as applicable to Web Services, defines a standard service provider interface by which authentication mechanism providers may be integrated with containers. Providers integrated through this interface establish the authentication identities used in container access decisions while servicing the request.