Securing Web Services

The security model used for web services is based on specifications and recommendations of various standards organizations (see Web Services Security Initiatives and Organizations). The challenge behind the security model for Java EE-based web services is to understand and assess the risk involved in securing a web-based service today and, at the same time, track emerging standards and understand how they will be deployed to offset the risk in the future.

This chapter describes how to use message security to address the characteristics of a web service that make its security needs different from those of other Java EE applications.

This chapter assumes that you are familiar with the web services technologies being discussed, or that you have read the following chapters in this tutorial that discuss these technologies: