http://ws.apache.org/ws-fx/wss4j/
wss4j is Apache's stab at ws-security. It looks like a first run, but it doesn provide support for username tokens, encrypting/signing, etc. -----Original Message----- From: Vikas Phonsa [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 16, 2004 5:59 PM To: [EMAIL PROTECTED] Subject: RE: Best Practice Jim, Could u direct to some resources about WS Security that possibly have some examples related to Axis . I googled about security and authorization in web services but there is just too much information and it is kinda hard to select an approach to follow. Thanks -----Original Message----- From: Jim Murphy [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 16, 2004 2:53 PM To: [EMAIL PROTECTED] Subject: Re: Best Practice Joe Plautz wrote: > Yes it was. It's something the carries application specific information > as well as customer and user specific information. It's not great by any > means, but it doesn't allow access either. But, by doing it this way, > I've tried to keep the services as more of one time shots. Not as > something that needs to be called over and over again in rapid succession. > > Vikas Phonsa wrote: > >> Hi Joe, >> >> Thanks for your answer. Could you elaborate a little bit about the >> authentication object? Was that part of the SOAP message? Guys this is what WS-Security is for! The reason to use SOAP as a framing protocol is to leverage orthogonal/cross-cutting features like security, reliablity, trust, addressing in standard ways. Baking security features into your application messages may be expedient but is not the direction this industry is going in. Jim
