developerWorks: Using Web Services Security in WebSphere Application Server
Apr 19, 2004, 05:30 (0 Talkback[s])
(Other stories by Sanjay Bose)
"Web services are virtual software components that can be
accessed and invoked through a variety of protocols and formats.
The environment for these components is heterogeneous and
distributed. As a result, a secure communication infrastructure is
required to ensure the security of the messages (and the content)
among these components.
"Web Services Security (WS-Security or WSS) is flexible and
designed to be used as the basis for the construction of a wide
variety of security models, including public key infrastructure
(PKI), Kerberos, and Secure Sockets Layer (SSL). Specifically,
WS-Security provides support for multiple security tokens, multiple
trust domains, multiple signature formats, and multiple encryption