The Web Service Client which makes the web service call provides support for securing the outgoing communication, and also validates the incoming response for Web Service Provider. The Web Service Client security infrastructure requires the following:
Configurations to determine STS and credentials to authenticate and obtain WSP resource offerings.
Optionally there should be provision to statically configure the resource offering locally
Interfaces to obtain WSP resource offering either from STS or optionally from the local configuration
Interfaces to secure the request. This could be accomplished by calling the STS for the security token or should be locally generated. The security token generated could be either that of the WSC itself or it could be that of the authenticated entity (impersonalization)
In addition to adding the security token it should be possible to add additional attributes of the identity, for example roles and memberships
Interface to validate the response received from WSP.
Two kinds of interfaces are needed at the Web Service Client. One interface is needed for configuration and administration. One interface is used at run time for securing requests and validating responses.