Establish Trusted Communication with WS-Secure Conversation
The WS-Secure Conversation specification allows Web services and clients to establish a token-based, secure conversation for the duration of a session. It is analogous to the Secure Sockets Layer (SSL) protocol that provides on-demand, secure communications over the HTTP transport channel. Secure conversations are well suited to participants that do not inherently trust each other, either because they have no ongoing relationship, or, for example, because they have not established certificate-based public-private keys to secure their conversations. In Chapters 6 and 7, you saw how the WS-Security and WS-Policy family of specifications combine to provide a comprehensive approach to securing Web services. Together these specifications provide an assortment of security options, including digital signatures, encryption algorithms, and custom authorization schemes.
Unable to display preview. Download preview PDF.