By Jiandong Guo-Oracle on Oct 28, 2007
WS-SecureConversation introduces a handshake process which allows the
client and the service to authenticate to each other and to establish
a shared security context at the beginning. This context contains a shared
secret key that can be used to secure the subsequent messages. This significantly
improves performance when multiple messages are exchanged.
With WSIT and NetBeans, it is easy to enable secure conversation for your applications. Among the 11 NetBeans WSIT security profiles defined (WSIT tutorial, chapter 6), secure conversation can be enabled for the following ones:
Username Authentication with Symmetric Keys
Mutual Certificates Security
Message Authentication over SSL
SAML Sender Vouches with Certificates
SAML Holder of Key
STS Issued Token
STS Issued Token with Service Certificate
STS Issued Endorsing Token
To enable secure conversation with any of the above mechanisms:
once you reach the point in NetBeans where you configure the security mechanism (see the
WSIT tutorial for more details),
click the "Configure" button, then
check the "Establish secure session (secure conversation)" option.
Secure conversation is then enabled for this project, and the configured security mechanism is used in the bootstrap (handshake) process that establishes the secure session.
In general, if you want to secure Web services that exchange more than one message in a transaction, you should enable secure conversation.
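In WS-SecurityPolicy terms, a secure session appears as a SecureConversationToken assertion whose BootstrapPolicy carries the mechanism configured for the handshake, so a service policy can be checked for it. The following is an added example, not code from the original post or from WSIT: both policy documents are constructed and abbreviated, and audit_policy and TOKEN_TYPES are hypothetical names.

```python
import xml.etree.ElementTree as ET

# WS-SecurityPolicy 2005/07 and WS-Policy namespaces (assumed policy version).
SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
# Token assertions that can identify the parties during the bootstrap.
TOKEN_TYPES = {"X509Token", "UsernameToken", "SamlToken", "IssuedToken", "KerberosToken"}

# Constructed, abbreviated policy: username authentication with symmetric
# keys, with a secure session required (not actual NetBeans output).
SAMPLE_WITH_SC = f"""
<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
  <sp:SymmetricBinding><wsp:Policy>
    <sp:ProtectionToken><wsp:Policy>
      <sp:SecureConversationToken><wsp:Policy>
        <sp:RequireDerivedKeys/>
        <sp:BootstrapPolicy><wsp:Policy>
          <sp:SymmetricBinding><wsp:Policy>
            <sp:ProtectionToken><wsp:Policy><sp:X509Token/></wsp:Policy></sp:ProtectionToken>
          </wsp:Policy></sp:SymmetricBinding>
          <sp:SignedSupportingTokens><wsp:Policy><sp:UsernameToken/></wsp:Policy></sp:SignedSupportingTokens>
        </wsp:Policy></sp:BootstrapPolicy>
      </wsp:Policy></sp:SecureConversationToken>
    </wsp:Policy></sp:ProtectionToken>
  </wsp:Policy></sp:SymmetricBinding>
</wsp:Policy>"""

# Constructed: same binding without a session; X.509 protects every message.
SAMPLE_WITHOUT_SC = f"""
<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
  <sp:SymmetricBinding><wsp:Policy>
    <sp:ProtectionToken><wsp:Policy><sp:X509Token/></wsp:Policy></sp:ProtectionToken>
  </wsp:Policy></sp:SymmetricBinding>
</wsp:Policy>"""

def audit_policy(xml_text):
    """Report whether a secure session is required and which tokens bootstrap it."""
    root = ET.fromstring(xml_text)
    sct = root.find(f".//{{{SP}}}SecureConversationToken")
    if sct is None:
        return {"secure_conversation": False, "bootstrap_tokens": []}
    bootstrap = sct.find(f".//{{{SP}}}BootstrapPolicy")
    tokens = set()
    if bootstrap is not None:
        for el in bootstrap.iter():
            ns, _, name = el.tag[1:].partition("}")  # "{ns}name" -> ns, name
            if ns == SP and name in TOKEN_TYPES:
                tokens.add(name)
    return {"secure_conversation": True, "bootstrap_tokens": sorted(tokens)}
```

An empty bootstrap_tokens list alongside secure_conversation set to True means the session is required but the policy names no mechanism for the handshake, which is worth reviewing.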