Web Service Security |
|
Web Service Security (WS-Security) is a specification developed by OASIS that proposes a way of securing exchange of SOAP messages. The WS-Security specification describes how SOAP can be extended to provide message content integrity, confidentiality, and support for the use of security tokens in messages. WS-Security can be seen as the basis for securing Web services.
The specification provides support for multiple security token formats, multiple trust domains, multiple signature formats and multiple encryption technologies. The token formats and semantics for using these are defined in the associated profile documents:
- WS-Security Core Specification 1.1
- User name Token Profile 1.1
- X.509 Token Profile 1.1
- SAML Token profile 1.1
- Kerberos Token Profile 1.1
- Rights Expression Language (REL) Token Profile 1.1
- SOAP with Attachments (SWA) Profile 1.1
Process Platform currently supports the following profiles:
- User name Token Profile 1.1
- SAML Token profile 1.1