WS-Security (Web Services Security) is a proposed IT industry standard that addresses security when data is exchanged as part of a Web service. WS-Security is one of a series of specifications from an industry group that includes IBM, Microsoft, and Verisign. Related specifications include the Business Process Execution Language (BPEL), WS-Coordination, and WS-Transaction.
WS-Security specifies enhancements to SOAP (Simple Object Access Protocol) messaging aimed at protecting the integrity and confidentiality of a message and authenticating the sender. WS-Security also specifies how to associate a security token with a message, without specifying what kind of token is to be used. It does describe how to encode X.509 certificates and Kerberos tickets. In general, WS-Security is intended to be extensible so that new security mechanisms can be used in the future.
The WS-Security specification is an activity of the Web Service Interoperability Organization (WS-I Organization) which is an industry-wide effort at standardizing how Web services are requested and delivered.