user1107924 wrote:not a stupid question, as these topics can be a bit dense. short answer, you don't. ws-security is useful if you want to handle the security/authentication at the message level. since you are handling it at the transport level, you are good to go.
maybe this is a stupid question but I'm a newbie in the topic.. if I have transport layer security with SSL + JAAS to authenticate the use of a JAX-WS webservice.. why do I need ws-security?