Vibhor,
The JAX-RPC API can support the WS-Security SOAP extension. WS-Security
defines a set of SOAP headers, and it defines a mechansim by which you can
use XML signature to sign all or part of the SOAP body. JAX-RCP supports
header processing and you can use the JAX-RPC Handler interception model to
perform the necessary signing/designing of data (if you don't want to do it
as part of the header processing.
JSR 183 provides direct API support for Web services security. This API used
in conjunction with JAX-RPC will provide complete API coverage for
WS-Security.
There are also a few other Java APIs that deal with XML security:
- JSRs 104, 105, and 106 address XML Signature and XML Encryption.
- JSR 155 addresses SAML.
Anne
ps - WS-Security is a *joint* effort by IBM, Microsoft, and Verisign. This
spec has been submitted to OASIS, and now there is a technical committee
that is working to define a formal standard for Web services security.
> -----Original Message-----
> From: Public discussion on JAX-RPC
> [mailto:JAXRPC-INTEREST_at_JAVA.SUN.COM]On Behalf Of vibhor sharma
> Sent: Tuesday, September 24, 2002 3:14 AM
> To: JAXRPC-INTEREST_at_JAVA.SUN.COM
> Subject: Security in Web Services(JAXRPC)
>
>
> Hi,
> IBM has come up with the security specification for the web
> services. Would those be applicable to JAXRPC
> too ?apart from the transport layer security(mutual authentication) what
> is the initiative taken in the field of security for JAXRPC. Would the
> future versions of JAXRPC specs be covering the security related issues
> too?
>
> Thanks
> Vibhor Sharma
>