Web Services Security (WSS)
Web Services Security (WSS or WS-Security) describes enhancements to SOAP messaging in order to provide quality of protection through message integrity, and single message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies.
The scope of the Web Services Security Technical Committee is the support of security mechanisms in the following areas:
- Using XML Signature to provide SOAP message integrity for Web Services
- Using XML Encryption to provide SOAP message confidentiality for Web Services
- Attaching and/or referencing security tokens in headers of SOAP messages. Options include:
- Carrying security information for potentially multiple, designated actors
- Associating signatures with security tokens
- Each of the security mechanisms will use implementation and language neutral XML formats defined in XML Schema.
Current specification: Web Services Security: SOAP Message Security
The basis of the work is the WS-Security specification submitted to OASIS by IBM, Microsoft, and VeriSign.
More information: WSS page on the OASIS website
More detail for the current topic: Web Services Security (WSS)
More on the general topic: Security and Authorization
- eXtensible Access Control Markup Language (XACML)
- eXtensible rights Markup Language (XrML)
- Security Assertion Markup Language (SAML)
- Service Provisioning Markup Language (SPML)
- XML Common Biometric Format (XCBF)
- XML Key Management Specification (XKMS)