Web Services Security (WSS)

Web Services Security (WSS or WS-Security) describes enhancements to messaging in order to provide quality of protection through message integrity, and single message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies.

The scope of the Web Services Security Technical Committee is the support of security mechanisms in the following areas:

  • Using to provide SOAP message integrity for Web Services 
  • Using to provide SOAP message confidentiality for Web Services 
  • Attaching and/or referencing security tokens in headers of SOAP messages. Options include:
    • Username token
    • Kerberos
    • X.509
  • Carrying security information for potentially multiple, designated actors 
  • Associating signatures with security tokens 
  • Each of the security mechanisms will use implementation and language neutral XML formats defined in .

Current specification:

The basis of the work is the WS-Security specification submitted to OASIS by IBM, Microsoft, and VeriSign.


More information: WSS page on the OASIS website

More Detail on Web Services Security (WSS)

Context for Web Services Security (WSS)

Related Articles for Web Services Security (WSS)

The Savvy Manager's Guide

is also the author of a book that explains Web Services, service-oriented architecture, and Cloud Computing in an easy-to-understand, non-technical manner.

Web Services, Service-Oriented Architectures, and Cloud Computing: The Savvy Manager's Guide

by with David Dick

This is a guide for the savvy manager who wants to capitalize on the wave of change that is occurring with Web Services, service-oriented architecture, and—more recently—Cloud Computing. The changes wrought by these technologies will require both a basic grasp of the technologies and an effective way to deal with how these changes will affect the people who build and use the systems in our organizations. This book covers both issues. Managers at all levels of all organizations must be aware of both the changes that we are now seeing and ways to deal with issues created by those changes.