Web Services Security: SOAP Message Security
Web Services Security (WSS): SOAP
Message Security is a set of enhancements to SOAP messaging that provides
message integrity and confidentiality. WSS: SOAP Message Security
is extensible, and can accommodate a variety of security models and
encryption technologies.
WSS: SOAP Message Security provides three main mechanisms that
can be used independently or together:
- The ability to send security tokens as part of a message, and
for associating the security tokens with message content
- The ability to protect the contents of a message from unauthorized
and undetected modification (message integrity)
- The ability to protect the contents of a message from unauthorized
disclosure (message confidentiality).
WSS: SOAP Message Security can be used in conjunction with other
Web service extensions and application-specific protocols to satisfy
a variety of security requirements.
The specification is published by the Organization for the Advancement
of Structures Standards (OASIS). The specification is called Web Services
Security: SOAP Message Security 1.0 (WS-Security 2004).