Scribd
Upload
38 views4 pages

Web Service Security Overview

Web service security aims to enable secure SOAP message exchange by meeting requirements like supporting multiple security tokens for authentication, multiple trust domains, and encryption technologies. It uses specifications like WS-Security, WS-SecureConversation, WS-Federation, and WS-Authorization to provide end-to-end message security beyond just transport-level security. These specifications support scenarios involving direct trust with usernames/passwords or security tokens, acquiring security tokens, firewall processing, issued tokens, enforcing business policies, privacy, and various client types.

Uploaded by

Kishore Reddy
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
38 views4 pages

Web Service Security Overview

Web service security aims to enable secure SOAP message exchange by meeting requirements like supporting multiple security tokens for authentication, multiple trust domains, and encryption technologies. It uses specifications like WS-Security, WS-SecureConversation, WS-Federation, and WS-Authorization to provide end-to-end message security beyond just transport-level security. These specifications support scenarios involving direct trust with usernames/passwords or security tokens, acquiring security tokens, firewall processing, issued tokens, enforcing business policies, privacy, and various client types.

Uploaded by

Kishore Reddy
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd

Web Service Security

Introduction
 What is web service security?
WS- Security is flexible and is designed to be used as the basis for the construction of a wide variety of security models
including SSL.

 What are the goals of web service security?


The goal of WS-Security is to enable applications to construct secure SOAP message exchange.

 What are the requirements of web service security?


• Multiple security tokens for authentication or authorization
• Multiple trust domains
• Multiple encryption technologies
• End-to-end message-level security and not just transport-level security
Web Services Security Specifications

The combination of security specifications, related activities, and


interoperability profiles will enable customers to easily build
interoperable secure Web services.
Figure. Web Services Security Specifications

WS-SecureConveration WS-Federation WS-Authorizatioon

WS-Policy WS-Trust WS-Privacy

Today WS-Security

SOAP Foundation
Scenarios

Scenarios supported by the proposed initial specifications and associated


deliverables:

 Direct Trust using Username/Password and Transport-Level Security


 Direct Trust using Security Tokens
 Security Token Acquisition
 Firewall Processing
 Issued Security Token
 Enforcing Business Policy
 Privacy
 Web Clients
 Mobile Clients

You might also like