Re: Securing Axis Web Services

[Anna Krajewska]

Hi   I use WSS4j. I create password secured WS and signed with certificate response. All communication is done with double ssl. What you should use depends on what kind of data you send. If only the response of WS contains privileged data you don't have to put much security to the request - password is the best.   Regards   Ania ----- Original Message ----- From: Daniel Destro To: axis-user@ws.apache.org Sent: Tuesday, April 04, 2006 1:12 AM Subject: Securing Axis Web Services I am kinda used to build WS with Axis, but I've never done any secure WS before. By secure I mean: only authorized access. I read Axis' documentation and they say I can use the sister project XML Signature. For you, experient guy, what is the best way (simple but functional) to allow only authorized access to my WS? Using certificates? HTTPS? User/Password in the SOAP header? Thanks Daniel