Web Services Security (WSS)

Web Services Security (WSS or WS-Security) describes enhancements to SOAP messaging that provide quality of protection through message integrity and single message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies.

The scope of the Web Services Security Technical Committee is the support of security mechanisms in the following areas:

  • Using XML Signature to provide SOAP message integrity for Web Services 
  • Using XML Encryption to provide SOAP message confidentiality for Web Services 
  • Attaching and/or referencing security tokens in headers of SOAP messages. Options include:
    • Username token
    • SAML
    • XrML
    • Kerberos
    • X.509
  • Carrying security information for potentially multiple, designated actors 
  • Associating signatures with security tokens 
  • Each of the security mechanisms will use implementation- and language-neutral XML formats defined in XML Schema.

Current specification: Web Services Security: SOAP Message Security

The basis of the work is the WS-Security specification submitted to OASIS by IBM, Microsoft, and VeriSign.

Organization: OASIS

More information: WSS page on the OASIS website


The Savvy Manager's Guide

Douglas K Barry is also the author of a book that explains Web Services, service-oriented architecture, and Cloud Computing in an easy-to-understand, non-technical manner.


Web Services, Service-Oriented Architectures, and Cloud Computing: The Savvy Manager's Guide (Second Edition)

by Douglas K Barry with David Dick
