WS-Security UsernameToken Best Practices

We just published an article by Keith Brown on how to properly use WS-Security UsernameTokens for your Web services.  Keith did a great job of talking about all the issues involved and with the help of Hervey we really hashed through all the issues that you should be aware of if you are considering using UsernameTokens for WS-Security.  This has certainly been a hot topic on the various newsgroups and I expect this to be a key piece for those WSE and other platform developers when looking for guidance around this popular technology.

   -Matt

Comments

• Anonymous
  February 09, 2005
  HI.
  I just wanted to know wether retriving an attachment tru byte array or retiving using WSE ?? which one is the best as u think ?
  
• Anonymous
  February 09, 2005
  It is a good article. The recommendation, however, is to use UsernameTokens (UT) over SSL. TMK, I don't see a SSL implementation in WSE or FX 1.1 (however FX 2.0 will have a SSL sockets implementation IIRC). IMHO, SecurityContextTokens are the current best way to secure all messages between web service endpoints without needing SSL (or even certs if you pass your own SCT).
  --
  William Stacey {MVP}
• Anonymous
  February 26, 2005
  Thank you I am learning of new things all day! And it is good to know of my <br><br>RSS already work. I think I need add button of RSS to make this thing clear.<br> But more work to do!