Definition

WS-Security (Web Services Security)

WS-Security (Web Services Security) is a proposed IT industry standard that addresses security when data is exchanged as part of a Web service. WS-Security is one of a series of specifications from an industry group that includes IBM, Microsoft, and Verisign. Related specifications include the Business Process Execution Language (BPEL), WS-Coordination, and WS-Transaction.

WS-Security specifies enhancements to SOAP (Simple Object Access Protocol) messaging aimed at protecting the integrity and confidentiality of a message and authenticating the sender. WS-Security also specifies how to associate a security token with a message, without specifying what kind of token is to be used. It does describe how to encode X.509 certificates and Kerberos tickets. In general, WS-Security is intended to be extensible so that new security mechanisms can be used in the future.

The WS-Security specification is an activity of the Web Service Interoperability Organization (WS-I Organization) which is an industry-wide effort at standardizing how Web services are requested and delivered.

This was last updated in September 2005
Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchSOA.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

More News and Tutorials

  • Burton: Choosing an SOA mediation system

    Web services management products provide the broadest range of capabilities; WS-Policy will be key down the road, analyst says.

  • Reactivity's Nash on who controls SOA

    Andrew Nash is the chief technology officer at Reactivity Inc. He is the co-author of numerous Web Services specifications including WS-Security, WS-Trust, WS-Federation, WS-SecureConversation and WS-SecurityPolicy. Previously he was a director of technologies at RSA Security. He has also authored a book on public key infrastructure. Read Part 2

  • SAML gains momentum

    The federated identity specification SAML 2.0 just went through its latest round of interoperability testing with IBM, NEC, NTT and RSA Security demonstrating they can share identity inside a Web services network.

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: