XML and Web Services Security

Implementation Version: 2.0 EA

This XML and Web Services Security implementation, included as part of the JavaTM Web Services Developer Pack 1.6, provides a framework within which a JAX-RPC or SAAJ application developer will be able to secure applications in the following ways:

This distribution includes samples that show how a JAX-RPC and/or SAAJ application developer can use the XML and Web Services Security technology. As previously noted, these nonstandard APIs are subject to change and, as standards are defined in the Web Services Security space, we will be moving toward using the appropriate standard APIs instead of these nonstandard APIs.

How XWS-Security and JSRs 105 and 106 are related

XWS-Security APIs are used for securing Web services based on JAX-RPC and SAAJ. This release of XWS-Security is based on the JSR-105 standard for XML Digital Signature and on non-standard XML Encryption APIs.

JSR-105 (XML Digital Signature) APIs are included in this release of the JWSDP. JSR 105 is a standard API (in progress, at Proposed Final Draft stage) for generating and validating XML Signatures as specified by the W3C recommendation. JSR-105 APIs are used by Java applications and middleware that need to create and/or process XML Signatures. It is used by this release of XWS-Security and can also be used by non-Web Services technologies, for example, documents stored or transferred in XML. Both JSR 105 and JSR 106 (XML Digital Encryption APIs) are core-XML security components.

XWS-Security does not use the JSR 106 APIs. XWS-Security uses the Apache libraries for XML-Enc. In future releases, the goal of XWS-Security is to move toward using JSR 106 APIs.

Command-line tools

In this release, the following command-line tools are included:


The documentation for this release consists of the following:

Questions, Feedback, Bug Reports

Please send questions, comments, and feedback to jwsdp-feedback@sun.com.

Due to the high volume of e-mail received on these aliases, you may not receive an immediate response to your inquiry.