The application deployer is responsible for:
Securing the application if it has not been appropriately secured by upstream roles (the developer or assembler) and only if an application-specific policy is appropriate for the application.
Implementing application-specific security by adding the message security binding to the web service endpoint.
Modifying Sun-specific deployment descriptors to add message binding information.
These security tasks are discussed in Application-Specific Message Protection. An example application using message security is discussed in Understanding and Running the Example Application.