Hi Jason ! I have also been thinking about this issue... I'd be glad if someone could comment on this contribution...
I would say it depends on who you should serve with your service. It also depends on what kind of information you are going to send. If you are going to do a b2b solution and need high sequrity then I would suggest that you use both server and client authentication over SSL. Also, you might want to use XML digital signatures for further protection. If you only use XML-encryption your data might not be read but can be tampered with, so it's not sequre enough. I have tried Axis1.0 over SSL. I used WSDL2Java -generated classes and encountered some problems with (if I remember it right) Axis' SSLSocketFactory... Just my 2 cents... Regards, stefan -----Ursprungligt meddelande----- Från: Jason Essington [mailto:jasone@;GreenRiverComputing.com] Skickat: den 7 november 2002 21:26 Till: [EMAIL PROTECTED] Ämne: axis and xml-security Hi there I am curious if anyone has used axis along with the xml-security package to sign/encrypt soap messages? I don't see and integration of xml-security with axis, so I am curious what is the best way to go about this? Request and response handlers that perform the sign/verify actions, or would there be a better way? I would appreciate comments from anyone who has thoughts on the subject. -jason
