WS-Security
In the distributed web-services model, messages are exchanged between collaborating parties. During this message exchange, end-to-end message security must be addressed. As we have seen in earlier examples of typical business processes, a message may hop between many participating service providers. XML provides a platform-independent and network-neutral format for data transport. However, such messages must be secured. There may be a need to encrypt sensitive data. Also, once a service requester sends a message for a service to a service provider, the service provider may ask for the sender’s identity. The request message should be able to transport the user credentials securely to the provider. Overall, message transport in a business process has many more requirements than are typically required for point-to-point messaging, where a single transport and a single protocol is used for communication.
Message security primarily involves the following:
Message integrity
Message confidentiality...
