The following lists are designed to help you determine whether using OpenSSO Enterprise to secure web services is suitable in your environment.
Based on standards specification as developed by OASIS, Liberty Alliance Project, Web Services Interoperability Organization, World Wide Web Consortium.
Secures the message over all hops and after the message arrives at its destination.
Security is fine-grained and can selectively be applied to different portions of a message (and to attachments if using XWSS).
Can be used in conjunction with intermediaries over multiple hops.
Is independent of the application environment or transport protocol.
Securing web services interactions is transparent to the client applications when web service security providers are configured in web or J2EE containers.
The drawback to using message-level security is that it is relatively complex and adds some overhead to processing.