The recently updated Web Services Trust Language (WS-Trust) uses the secure messaging mechanisms of WS-Security to define additional primitives and extensions for security token exchange to enable the issuance and dissemination of credentials within different trust domains.

The Web Services Trust Language (WS-Trust) uses the secure messaging mechanisms of WS-Security to define additional primitives and extensions for the issuance, exchange and validation of security tokens. WS-Trust also enables the issuance and dissemination of credentials within different trust domains.

In order to secure a communication between two parties, the two parties must exchange security credentials (either directly or indirectly). However, each party needs to determine if they can "trust" the asserted credentials of the other party. This specification defines extensions to WS-Security for issuing and exchanging security tokens and ways to establish and access the presence of trust relationships. Using these extensions, applications can engage in secure communication designed to work with the general Web Services framework, including WSDL service descriptions, UDDI businessServices and bindingTemplates, and SOAP messages.

Get the specification and related material

If you would like to contribute technical comments on this specification, please do so through our Feedback page.

You can still view the previous version of this specification by clicking on the following link:

• WS-Trust specification previous version (May 2004)

Resources

• Application Note: Using WS-Trust for Simple and Protected Negotiation Protocol [PDF] describes the usage of the WS-Trust binary negotiation framework to securely establish a common security mechanism (September 2007).
  
  
• Application Note: Using WS-Trust for TLS Handshake [PDF] describes the usage of the WS-Trust binary negotiation framework to securely establish a recipient's identity, securely establish a shared security context between two SOAP nodes, and to optionally establish authenticity of the sender using the sender's WS-Security credentials (September 2007).
  
  
• WS Trust 1.3 [PDF] is now an OASIS Standard. The WS-Trust specifications provided in the links above were used as inputs to the OASIS process.
  
  
• WS-SecureConversation defines extensions that build on WS-Security to provide secure communication.
  
  
• Web Services Addressing defines how to identify services across a network.
  
  
• Web Services Policy Framework defines how to apply policies to control individual services behavior.
  
  
• Web Services Security describes enhancements to SOAP to provide quality of protection through message integrity, confidentiality, and authentication.
  
  
• WS-SecurityPolicy is a building block that is used in conjunction with other Web service and application-specific protocols to accommodate a wide variety of security models.
  
  
• SOAP 1.1 is the basic messaging transport for all Web services while SOAP 1.2 offers enhancements to the message framework.
  
  
• WSDL 1.1 is the current standard language for services description.
  
  
• XML Schema, Part 1 and Part 2 are specifications that explain how schemas are organized in XML documents.
  
  

Comments

Back to top

Dig deeper into SOA and Web services on developerWorks

My developerWorks community