Security is a key element of every Enterprise application, but in the recent years it has become even more important for Web Services. The reasons for all this hype on the Web Service security is due to the fact that the exposure of Web Services is rapidly moving from secure intranets to the insecure Internet. In addition, the kind of business around these services is often engaged without any prior human relationship, leaving all security issues to be addressed by the underlying technology.
Released by the OASIS consortium in 2004, the Web Services Security (WS-Security) specification (http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss) provides a set of mechanisms to help developers of Web Services to secure Simple Object Access Protocol (SOAP) message exchanges. Specifically, WS-Security describes enhancements to the existing SOAP messaging to provide quality of protection through the application of message integrity, message confidentiality, and single...