This document describes a proposed strategy for addressing security within a Web service environment. It defines a comprehensive Web service security model that supports, integrates and unifies several popular security models, mechanisms, and technologies (including both symmetric and public key technologies) in a way that enables a variety of systems to securely interoperate in a platform- and language-neutral manner. It also describes a set of specifications and scenarios that show how these specifications might be used together.
The IT industry has been talking about Web services for almost two years. The benefits of having a loosely-coupled, language-neutral, platform-independent way of linking applications within organizations, across enterprises, and across the Internet are becoming more evident as Web services are used in pilot programs and in wide-scale production. Moving forward, our customers, industry analysts, and the press identify a key area that needs to be addressed as Web services become more mainstream: security. This document proposes a technical strategy and roadmap whereby the industry can produce and implement a standards-based architecture that is comprehensive yet flexible enough to meet the Web services security needs of real businesses.
| Description | Name | Size | Download method |
|---|---|---|---|
| Whitepaper in PDF format | ws-secmap.pdf | 216 KB | HTTP |
- Participate in the discussion forum.
- WS-SecureConversation defines extensions that build on WS-Security to provide secure communication.
- Read the related Web Services Trust specification that explains how trust relationships are defined between Web services.
- Web Services Addressing defines how to identify services across a network.
- Web Services Policy Framework defines how to apply policies to control individual services' behavior.
- Web Services Security describes enhancements to SOAP to provide quality of protection through message integrity, confidentiality, and authentication.
- WS-SecurityPolicy is a building block that is used in conjunction with other Web service and application-specific protocols to accommodate a wide variety of security models.
- SOAP 1.1 is the basic messaging transport for all Web services, while SOAP 1.2 offers enhancements to the message framework.
- WSDL 1.1 is the current standard language for services description.
- XML Schema, Part 1 and Part 2 are specifications that explain how schemas are organized in XML documents.