Matt Powell

Web Platform and Tools

WS-Security UsernameToken Best Practices

We just published an article by Keith Brown on how to properly use WS-Security UsernameTokens for your Web services.  Keith did a great job of talking about all the issues involved and with the help of Hervey we really hashed through all the issues that you should be aware of if you are considering using UsernameTokens for WS-Security.  This has certainly been a hot topic on the various newsgroups and I expect this to be a key piece for those WSE and other platform developers when looking for guidance around this popular technology.

   -Matt

Published Tuesday, February 01, 2005 5:27 PM by mattpo

Comments

 

Aruna said:

HI.
I just wanted to know wether retriving an attachment tru byte array or retiving using WSE ?? which one is the best as u think ?
February 9, 2005 8:51 PM
 

William said:

It is a good article. The recommendation, however, is to use UsernameTokens (UT) over SSL. TMK, I don't see a SSL implementation in WSE or FX 1.1 (however FX 2.0 will have a SSL sockets implementation IIRC). IMHO, SecurityContextTokens are the current best way to secure all messages between web service endpoints without needing SSL (or even certs if you pass your own SCT).
--
William Stacey {MVP}
February 9, 2005 11:11 PM
 

下载 said:

Thank you I am learning of new things all day! And it is good to know of my <br> <br>RSS already work. I think I need add button of RSS to make this thing clear. <br> But more work to do!
February 26, 2005 8:11 PM
Anonymous comments are disabled

This Blog

Syndication

© 2009 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Microsoft
Page view tracker