Web Services uses a Web Services Description Language (WSDL) file to describe the service and registry service to register and look up the services. The Simple Object Access Protocol (SOAP) binding is the standard interoperable binding for accessing Web Services. Several registry protocols available, but UDDI (Universal Description, Discovery and Integration) is probably the most recognizable based on Java Web Services Developer Pack, Web Server because it supports integrated Java Web Services runtime and tools, and therefore supports portable Web Services implementations, making it interoperable with .NET clients and services using the WS-I Basic Profile. For more information on Web Services, see http://java.sun.com/webservices/docs/2.0/tutorial/doc/index.html.
WS-Security is an OASIS proposal for adding message-layer security to SOAP messages. It defines standardized locations and syntax by which security tokens such as X.509 certificates and Kerberos tickets can be carried within SOAP Headers in order to secure the contents of the SOAP message exchanges. WS-Security leverages the existing XML Digital Signature and XML Encryption specifications for capturing the results of signing and encryption operations in XML syntax. In essence, WS-Security standardizes the XML Signature and XML Encryption data blocks that are carried with a SOAP message. Web Server supports the integrated WS-Security standard. In addition, this release supports JSR-196 as applicable to Web Services. Web Server provides the ability to bind SOAP-layer message-security providers and message-protection policies to the container. This binding allows the container to enforce the security on behalf of the applications.