This section focuses on the configuration and usage of messaging security. Configuration differs on the client and server sides; each part is described in a separate section. You are able to configure authentication mechanisms on the client, on the server, and on particular Web service endpoints.

On the server side, you can also configure authentication and authorization requirements for a Web service and associate identities with it.

All these tasks can be expressed by specific configuration elements, but you can also express them programmatically. The main benefit of messaging security configuration is that you can change security requirements without modifications to your source code. The remaining sections also describe programmatic access to specific security settings.