- SAML: defines authentication, attribute and authorization assertions and is used as one of the tokens in WS-Security. It also has additional profiles, which define how to use it with HTTP and Browsers.
- XACML: an XML based protocol for authorization. This defines a way to define access control down to the element level in an XML document. It is extensible by means of XSLT to other security protocols. One transform in the specification can the used to integrate XACML with SAML authorization assertions.
- WS-Policy: will describe the capabilities and constraints of the security (and other business) policies on intermediaries and endpoints (e.g. required security tokens, supported encryption algorithms, privacy rules).
- WS-Trust: will describe a framework for trust models that enables Web services to securely interoperate.
- WS-Privacy: will describe a model for how Web services and requesters state subject privacy preferences and organizational privacy practice statements.
- WS-SecureConversation: will describe how to manage and authenticate message exchanges between parties including security context exchange and establishing and deriving session keys.
- WS-Federation: will describe how to manage and broker the trust relationships in a heterogeneous federated environment including support for federated identities.
- WS-Authorization: will describe how to manage authorization data and authorization policies.
Dig deeper on WS-Security (Web services security standards)
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.