Introduction
Security has always played and still plays an important role in today's information-driven business processes. Consumers of information must know who sent the information and whether it has not been changed or read by others. Only then can they trust the message and do the transaction.
When thinking about security it's important to distinguish between Transport and Message-level security.
Transport-level security represents a technique where the underlying operating system or application servers are handling security features. Recipes for transport-level security are covered in the next chapter
Message-level security represents a technique where all information related to security is encapsulated in the message. This is what WS-Security specifies for web services. Securing messages using message-level security instead of using transport-level security has several advantages that includ:
Flexibility – parts of the message can be signed or encrypted. This means that intermediary...
