8. Securing Web Services

<< Printing the Resulting Document | Securing Web Service Endpoints >>

231

Securing Web

Services

security model used for web services is based on specifications and rec-

ommendations of various standards organizations (see Web Services Security
Initiatives and Organizations, page 236). The challenge behind the security
model for Java EE-based web services is to understand and assess the risk
involved in securing a web-based service today and, at the same time, track
emerging standards and understand how they will be deployed to offset the risk
in the future.

This chapter addresses using message security to address the characteristics of a
web service that make its security needs different from those of other Java EE
applications.

This chapter assumes that you are familiar with the web services technologies
being discussed, or that you have read the following chapters in this tutorial that
discuss these technologies:

· Chapter 1, "Building Web Services with JAX-WS"

· Chapter 3, "Using JAXB"

· Chapter 6, "Java API for XML Registries"

· Chapter 5, "SOAP with Attachments API for Java"