Web services security - what to expect

I am reviewing a vendor's product that will run on a J2EE platform. One of the features of this product is a web services framework for developing web services. What I want to assess is how well they support web services security. They may say they rely on the underlying application server to "do the security stuff" - is this enough?

A further question is: what should I expect from different J2EE application server vendors in the area of security? Is there reasonable compliance between them or is there still an amount of proprietary implementation, should I need a particular security feature, that will ultimately result in application server lock-in?

By paularmstronga at 2007-10-1 0:28:50
# 1

The Sun Java System Application Server (2004Q4 Beta) supports "Container message security mechanisms implementing message-level authentication (e.g. XML digital signature and encryption) of SOAP web services invocations using the X509 and username/password profiles of the OASIS WS-Security standard".

You might want to take a look at it.

Also you can find more information about this new appserver feature at the following link:

http://docs.sun.com/app/docs/doc/819-0788

Vishal

vishalmaha at 2007-7-7 16:15:56