WS-Security UsernameToken Best Practices

We just published an article by Keith Brown on how to properly use WS-Security UsernameTokens for your Web services.  Keith did a great job of talking about all the issues involved and with the help of Hervey we really hashed through all the issues that you should be aware of if you are considering using UsernameTokens for WS-Security.  This has certainly been a hot topic on the various newsgroups and I expect this to be a key piece for those WSE and other platform developers when looking for guidance around this popular technology.


Comments (3)

  1. Aruna says:


    I just wanted to know wether retriving an attachment tru byte array or retiving using WSE ?? which one is the best as u think ?

  2. William says:

    It is a good article. The recommendation, however, is to use UsernameTokens (UT) over SSL. TMK, I don’t see a SSL implementation in WSE or FX 1.1 (however FX 2.0 will have a SSL sockets implementation IIRC). IMHO, SecurityContextTokens are the current best way to secure all messages between web service endpoints without needing SSL (or even certs if you pass your own SCT).

    William Stacey {MVP}

  3. 下载 says:

    Thank you I am learning of new things all day! And it is good to know of my
    <br>RSS already work. I think I need add button of RSS to make this thing clear.
    <br> But more work to do!