Web Services Security (WSS)

Web Services Security (WSS or WS-Security) describes enhancements to SOAP messaging in order to provide quality of protection through message integrity, and single message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies.

The scope of the Web Services Security Technical Committee is the support of security mechanisms in the following areas:

• Using XML Signature to provide SOAP message integrity for Web Services 
• Using XML Encryption to provide SOAP message confidentiality for Web Services 
• Attaching and/or referencing security tokens in headers of SOAP messages. Options include:
  • Username token
  • SAML
  • XrML
  • Kerberos
  • X.509
• Carrying security information for potentially multiple, designated actors 
• Associating signatures with security tokens 
• Each of the security mechanisms will use implementation and language neutral XML formats defined in XML Schema.

Current specification: Web Services Security: SOAP Message Security

The basis of the work is the WS-Security specification submitted to OASIS by IBM, Microsoft, and VeriSign.

Organization: OASIS

More information: WSS page on the OASIS website

More Detail on Web Services Security (WSS)

• Public Key Infrastructure (PKI)
• XML Encryption
• XML Signature

Context for Web Services Security (WSS)

Home » Articles » Web Services Articles » Web Services Specifications » Security and Authorization » Web Services Security (WSS)

Related Articles for Web Services Security (WSS)

• eXtensible Access Control Markup Language (XACML)
• eXtensible rights Markup Language (XrML)
• Security Assertion Markup Language (SAML)
• Service Provisioning Markup Language (SPML)
• XML Common Biometric Format (XCBF)
• XML Key Management Specification (XKMS)