XML and Web Services Security

Implementation Version: 1.0 EA

The XML and Web Services Security Early Access implementation, included as part of the JavaTM Web Services Developer Pack 1.2, provides a framework with which a JAX-RPC application developer will be able to sign/verify SOAP messages. This implementation of XML and Web Services Security uses Apache's XML-Dsig (XML Digital Signature) implementation, which is based on the XML-Signature Syntax and Processing W3C standard.

Since the Java standards for some of these security technologies are undergoing definition under the Java Community Process, the security solution that is provided in the Java Web Services Developer Pack 1.2 is based on nonstandard APIs, which are subject to change with the new revisions of the technology. As standards are defined in the Web Services Security space, we will be moving to using the appropriate standard APIs instead of these nonstandard APIs.

XML and Web Services Security attempts to implement portions of the OASIS Web Services Security Working Draft dated 03 March 2003 and provides support for digitally signing and verifying a SOAP message.

This distribution includes samples that show how a JAX-RPC application developer can use the XML and Web Services Security technology. The nonstandard APIs that can be used by the JAX-RPC application developer are also documented (see API documentation). As previously noted, these nonstandard APIs are subject to change and will be replaced with appropriate standards-based APIs as those APIs are defined.


The documentation for this release consists of the following:

Questions, Feedback, Bug Reports

Please send questions, comments, and feedback to jwsdp-feedback@sun.com.

Due to the high volume of e-mail received on these aliases, you may not receive an immediate response to your inquiry.