Are there other projects for Web services security in the works beside
WS-Security?
Requires Free Membership to View
There is quite a bit of activity beyond WS-Security. Two Web services security specifications
that have been recently released (version 1.0 with work continuing on their next version)
are:
- SAML: defines authentication, attribute and authorization assertions and is used as one of the tokens in WS-Security. It also has additional profiles, which define how to use it with HTTP and Browsers.
- XACML: an XML based protocol for authorization. This defines a way to define access control down to the element level in an XML document. It is extensible by means of XSLT to other security protocols. One transform in the specification can the used to integrate XACML with SAML authorization assertions.
- WS-Policy: will describe the capabilities and constraints of the security (and other business) policies on intermediaries and endpoints (e.g. required security tokens, supported encryption algorithms, privacy rules).
- WS-Trust: will describe a framework for trust models that enables Web services to securely interoperate.
- WS-Privacy: will describe a model for how Web services and requesters state subject privacy preferences and organizational privacy practice statements.
- WS-SecureConversation: will describe how to manage and authenticate message exchanges between parties including security context exchange and establishing and deriving session keys.
- WS-Federation: will describe how to manage and broker the trust relationships in a heterogeneous federated environment including support for federated identities.
- WS-Authorization: will describe how to manage authorization data and authorization policies.
This was first published in July 2003
Join the conversationComment
Share
Comments
Results
Contribute to the conversation