A Discussion on Securing Web Services With OpenSSO
In a recent interview with Sun Developer Network, Sun technical product manager Sidharth Mishra explains the difference between Web services and Web applications and the reasons why traditional security mechanisms, such as SSL and TLS, are not adequate for protecting the data interactions among Web services. He then discusses the standards that OpenSSO supports to ensure message-level security: Notably, OpenSSO acts as a Security Token Service (STS) in enabling trust between Web-service consumers and providers.
OpenSSO, aka Sun Java System Access Manager, is fast gaining momentum as an open-source project for managing single sign-on, federation, and secure Web services. Do check it out!