As presented in Chapter 12, "Security," WS-Security provides the basis for the other security specifications, as shown in Figure 13-1. WS-Security: SOAP Message Security provides a complete, flexible, end-to-end, multiparty model for authentication, message integrity, and confidentiality. The secure messaging protocols rely on security tokens. WS-Trust introduces the concept of a security token server, which is a Web service that issues, renews, and validates security tokens.

Figure 13-1. Web services security architecture.

Chapter 7, "Web Services Policy," discussed the WS-Policy framework. WS-SecurityPolicy defines the model Web services use to document their WS-Security support and requirements for requesters. This chapter provides additional details on WS-SecurityPolicy.

WS-Security: SOAP Message Security is optimized for exchanging a small number of messages. A requester might engage in a prolonged "conversation" with a Web service. WS-SecureConversation builds on WS-Trust and message security to provide support for multimessage, long-lived conversations. WS-SecureConversation provides a better level of security and improved efficiency. This chapter also provides an overview of WS-SecureConversation.

WS-Trust supports security tokens. Collaboration between enterprises often requires sharing additional information, such as customer identity information and preferences. WS-Federation extends WS-Trust to provide these functions, and is discussed later in this chapter.

The final two specifications in the security family are WS-Authorization and WS-Privacy. These specifications are in progress. This chapter describes their role and purpose.