Improving web service WS-Security performance using WS-SecureConversation and WS-Trust

Performance of web services using WS-Security is not good. Reason behind this is, WS-Security uses asymmetric encryption based on public private key. Asymmetric encryption requires large key size and more processing overhead compared to symmetric encryption.

Solution to this is to use WS-Trust and WS-SecureConversation to use symmetric tokens and to improve performance.

WS-SecureConversation allows symmetric encryption for conversation between client and server. WS-SecureConversation uses WS-Security and WS-Trust to support secure exchange of secret key. WS-Trust publishes an interface for webservice that creates and works with security tokens.

Read more details at

http://www.ibm.com/developerworks/webservices/library/j-jws15/index.html?ca=drs-