WS-SecureConversation in WSIT 1.0
By Jiandong Guo on Sep 17, 2007
WSIT 1.0 is released today in line of the release of Glassfish V2. WS-SecureConversation is supported in WSIT 1.0 as a major security feature. WS-SecureConversation, built on top of the general mechanisms
defined in WS-Security and WS-Trust, provides a way to establish security context (session) for more efficient communication and better security for multiple message exchanges between a cleint and a service.
Here is a summary of the WS-SecureConversation support in WSIT:
1. SCT Binding of WS-Trust (Issuance binding) for establishing security context
2. Embedded STS for issuing SCT - each WSIT enabled Web service can act as an STS for managing security context.
3. Security context concellation
4. Extensible SessionManager to persist security contexts for Web farms
5. Align with WS-RM to secure reliable messaging sessions.
6. SecurityContextToken for securing messages in the framework of WS-Security
7. Support for Key Derivation and KeyDerivedToken with various types of tokens.
8. Using Netbeans, enabling secure converation is just a click of a button on top of any security profiles.
9. Overall, performance improvement using secure conversation is significant, of 250 to 450 percent depending on the size of messages and the number of messages sent.