Chapter 13. Advanced Security


As presented in Chapter 12, "Security," WS-Security provides the basis for the other security specifications, as shown in Figure 13-1. WS-Security: SOAP Message Security provides a complete, flexible, end-to-end, multiparty model for authentication, message integrity, and confidentiality. The secure messaging protocols rely on security tokens. WS-Trust introduces the concept of a security token server, which is a Web service that issues, renews, and validates security tokens.

Figure 13-1. Web services security architecture.


Chapter 7, "Web Services Policy," discussed the WS-Policy framework. WS-SecurityPolicy defines the model Web services use to document their WS-Security support and requirements for requesters. This chapter provides additional details on WS-SecurityPolicy.

WS-Security: SOAP Message Security is optimized for exchanging a small number of messages. A requester, however, might engage in a prolonged "conversation" with a Web service. WS-SecureConversation builds on WS-Trust and message security to provide support for multimessage, long-lived conversations. WS-SecureConversation provides a better level of security and improved efficiency. This chapter also provides an overview of WS-SecureConversation.

WS-Trust supports security tokens. Collaboration between enterprises often requires sharing additional information, such as customer identity information and preferences. WS-Federation extends WS-Trust to provide these functions, and is discussed later in this chapter.

The final two specifications in the security family are WS-Authorization and WS-Privacy. These specifications are in progress. This chapter describes their role and purpose.



    Web Services Platform Architecture(c) SOAP, WSDL, WS-Policy, WS-Addressing, WS-BP[. .. ]
    Year: 2005
    Pages: 176
