Sun Java System Application Server Enterprise Edition 8 2004Q4 XML and Web Services Security Guide 


Web Services Security

This chapter describes using Web Services Security (WSS) for message-level security. In message-level security, security information travels along with the Web services message. WSS in the SOAP layer is the use of XML Encryption and XML Digital Signatures to secure SOAP messages. WSS profiles the use of various security tokens including X.509 certificates, SAML assertions, and username/password tokens to achieve this.

Message layer security differs from transport layer security (which is discussed in the Security chapter of the J2EE 1.4 Tutorial) in that message layer security can be used to decouple message protection from message transport so that messages remain protected after transmission, regardless of how many hops they travel on.

This implementation of WS-Security is based on the OASIS Web Services Security (WSS) specification, which can be viewed at the following URL:

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf

Some of the material in this chapter assumes that you understand basic security concepts. To learn more about these concepts, we recommend that you explore the following resources before you begin this chapter.

The Java 2 Standard Edition discussion of security, which can be viewed from

http://java.sun.com/j2se/1.4.2/docs/guide/security/index.html

The J2EE 1.4 Tutorial chapter titled Security, which can be viewed from

http://java.sun.com/j2ee/1.4/docs/tutorial/doc/index.html

This chapter contains the following sections:





Copyright 2004 Sun Microsystems, Inc. All rights reserved.