Newbie 'best practise' question

[Tim Williams <th...@gmail.com>]

Hi all,

I've got 2 way encryption working using wss4j, and very nicely it runs too.
At the moment I'm designing another web service that I would like to provide
some security on. Basically we want to be able to say that only people we
want can use the service (authentication) and that nobody can listen in on
confidential data (encryption).

The question is, how do I best maintain a list of clients that are allowed
to connect to the service, and how do we go about checking a connecting
client against that list?

Any links people have on this matter would also be appreciated. I've looked
over the OASIS WS-Security authentication specification, but, to be honest,
most of that went over my head.

Thanks in advanced,
Tim