Web Services Security: SOAP Message Security
Web Services Security (WSS): SOAP Message Security is a set of enhancements to SOAP messaging that provides message integrity and confidentiality. WSS: SOAP Message Security is extensible, and can accommodate a variety of security models and encryption technologies.
WSS: SOAP Message Security provides three main mechanisms that
can be used independently or together. They are:
- The ability to send security tokens as part of a message, and for associating the security tokens with message content
- The ability to protect the contents of a message from unauthorized and undetected modification (message integrity)
- The ability to protect the contents of a message from unauthorized disclosure (message confidentiality).
WSS: SOAP Message Security can be used in conjunction with other web service extensions and application-specific protocols to satisfy a variety of security requirements.
The specification is published by OASIS at
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf.