Home > Articles > Programming

Web Service Security Architectures  Part II

  • Print
  • + Share This
WS Security-related initiatives are a major architecture effort, initially propounded by Microsoft, IBM, and VeriSign, which have now been submitted to OASIS to become an industry standard. In the last article in his series on Web services security, Seshadri Gokul takes a detailed look.
Like this article? We recommend

In my previous article, I highlighted the difficulty in evolving common Web services security architectures using two different Web services interaction scenarios as illustrations. In this last article in this series, we look at WS Security-related initiatives—a major architecture effort initially propounded by Microsoft, IBM, and Verisign that has now been submitted to OASIS to become an industry standard.

What Are WS Security Initiatives?

In its present form, WS Security is a specification that defines a set of standard SOAP extensions (or SOAP message headers) to incorporate security information and mechanisms. In other words, WS Security is an attempt to push XML security technologies such as XML encryption and XML digital signatures into the Web services realm by incorporating them within SOAP messages.

The previous article said that incorporating security information within a SOAP header provides flexibility and a uniform security abstraction layer. The WS Security specification fortunately embraces existing standards—such as XML encryption and XML digital signature specifications by various bodies and consortia—while proposing these extensions. The specifications stand independent of implementation specifics such as PKI and Kerberos.

What makes the WS initiative even more interesting is that it proposes a roadmap for specifications that are yet to come—covering areas of broader scope such as security policy, privacy, trust, messaging, and federations. In other words, the WS initiative tries to define a very broad canvas for all existing security technologies, as well as those that are going to emerge in the future, to fit in.

This article first looks at the standard SOAP extensions defined by WS Security and then discusses the broader perspectives it attempts to embrace down the line.

  • + Share This
  • 🔖 Save To Your Account