Simon Fell > Its just code
But part of the potential of WS-Security is to be able to have an authenticated (and possibly signed) transmission without having to encrypt the entire message. Important, I think, for both the point-to-point case and with intermediaries.[Greg Reinacker's Weblog] Certainly important for the intermediary case, not sure about the point-to-point case, the only thing it seems to buy you is a consistent approach with the approach required for intermediaries. Its going to cost you though at run time, I guess it'll be a while before a WS-Security implementation has been tuned to the level current SSL implementations have. SSL also has the advantage of being able to amortize the cost of establishing the session key over multiple message exchanges, via HTTP persistent connections.
Cool!, the SUN folks have put up a SOAP interop server.