Web Services Security (WSS or WS-Security) describes enhancements to SOAP messaging in order to provide quality of protection through message integrity, and single message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies.
The scope of the Web Services Security Technical Committee is the support of security mechanisms in the following areas:
- Using XML Signature to provide SOAP message integrity for Web Services
- Using XML Encryption to provide SOAP message confidentiality for Web Services
- Attaching and/or referencing security tokens in headers of SOAP messages. Options include:
- Carrying security information for potentially multiple, designated actors
- Associating signatures with security tokens
- Each of the security mechanisms will use implementation and language neutral XML formats defined in XML Schema.
Current specification: Web Services Security: SOAP Message Security
The basis of the work is the WS-Security specification submitted to OASIS by IBM, Microsoft, and VeriSign.
More information: WSS page on the OASIS website
More detail for the current topic:
More on the general topic: Security and Authorization
- eXtensible Access Control Markup Language (XACML)
- eXtensible rights Markup Language (XrML)
- Security Assertion Markup Language (SAML)
- Service Provisioning Markup Language (SPML)
- XML Common Biometric Format (XCBF)
- XML Key Management Specification (XKMS)
Related Online Briefings
- Online Briefing: Change Analysis of Systems Integration Techniques
- Online Briefing: Non-Technical Change Issues Related to SOA
Author: Douglas K Barry
You may use this material for your work or classes. Reprint Policy. Be sure to check the menu at the left for other articles available on this site.
The Savvy Manager's Guide
Douglas K Barry is also the author of a book that explains Web Services, service-oriented architecture, and Cloud Computing in an easy-to-understand, non-technical manner.
Web Services, Service-Oriented Architectures, and Cloud Computing: The Savvy Manager's Guide (Second Edition)
by Douglas K Barry with David Dick
This is a guide for the savvy manager who wants to capitalize on the wave of change that is occurring with Web Services, service-oriented architecture, and—more recently—Cloud Computing. The changes wrought by these technologies will require both a basic grasp of the technologies and an effective way to deal with how these changes will affect the people who build and use the systems in our organizations. This book covers both issues. Managers at all levels of all organizations must be aware of both the changes that we are now seeing and ways to deal with issues created by those changes.