background image

XWS-Security and XML Digital Signature

<< 7. Java XML Digital Signature API | XML Security Stack >>
<< 7. Java XML Digital Signature API | XML Security Stack >>
214
J
AVA
XML D
IGITAL
S
IGNATURE
API
· Java programmers who want to create a concrete implementation of the
XML Digital Signature API and register it as a cryptographic service of a
JCA provider (see
http://java.sun.com/j2se/1.4.2/docs/guide/
security/CryptoSpec.html#Provider
)
How XWS-Security and XML Digital
Signature API Are Related
Before getting into specifics, it is important to see how XWS-Security and XML
Digital Signature API are related. In this release of the Java WSDP, XWS-Secu-
rity is based on non-standard XML Digital Signature APIs.
XML Digital Signature API is an API that should be used by Java applications
and middleware that need to create and/or process XML Signatures. It can be
used by Web Services Security (the goal for a future release) and by non-Web
Services technologies (for example, signing documents stored or transferred in
XML). Both JSR 105 and JSR 106 (XML Digital Encryption APIs) are core-
XML
security
components.
(See
http://www.jcp.org/en/jsr/
detail?id=106
for more information about JSR 106.)
XWS-Security does not currently use the XML Digital Signature API or XML
Digital Encryption APIs. XWS-Security uses the Apache libraries for XML-
DSig and XML-Enc. The goal of XWS-Security is to move toward using these
APIs in future releases.