A simple web service security scheme

I've been doing some prototyping for a public web service. Because some of the operations involve confidential data, I'm particularly concerned with ensuring that I have a reasonable security scheme in place. At the same time I want to ensure the broadest possible access to my service, regardless of the web platform or environment that clients may use.

I took a look at the security schemes of some big web service providers and tried to concoct something that is at least as secure in the context of JAX-WS 2.0. The prototype is spread across a few posts in my blog:

Any and all feedback is appreciated. Thanks.

