Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
WS-Security
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==History== Web services initially relied on the underlying transport security. In fact, most implementations still do{{Citation needed|date=January 2010}}. As SOAP allows for multiple transport bindings, such as HTTP and SMTP, a SOAP-level security mechanism was needed. The lack of end-to-end security because of the dependence on transport security was another factor. The protocol was originally developed by [[IBM]], [[Microsoft]], and [[VeriSign]]. Their original specification<ref name="Atkinson">[http://msdn.microsoft.com/en-us/library/ms951257 Bob Atkinson, et al.: Web Services Security (WS-Security)]. ''msdn.microsoft.com''</ref><ref name="Atkinson-alt">[http://schemas.xmlsoap.org/specs/ws-security/ws-security.htm Bob Atkinson, et al.: Web Services Security (WS-Security)]. ''schemas.xmlsoap.org''</ref> was published on 5 April 2002 and was followed up by an addendum<ref name="Della-Libera">[http://public.dhe.ibm.com/software/dw/specs/ws-secureadd/ws-secureadd.pdf Giovanni Della-Libera, Phillip Hallam-Baker Maryann Hondo: Web Services Security Addendum]</ref> on 18 August 2002. In 2002, two proposals were submitted to the OASIS WSS Technical Committee:<ref name="wss-tc">[http://www.oasis-open.org/committees/wss/charter.php OASIS Web Services Security TC]</ref> Web Service Security (WS-Security) and Web Services Security Addendum. As a result, WS-Security was published: * WS-Security 1.0 was released on 19 April 2004. * Version 1.1 was released on 17 February 2006. The version 1.0 standard published by OASIS contained a number of significant differences to the standard proposed by the IBM, Microsoft and VeriSign consortium. Many systems were developed using the proposed standard and the differences made them incompatible with systems developed to the OASIS standard. Some refer to the pre-OASIS specification as the "WS-Security Draft 13",<ref name="draft13">[http://www.oasis-open.org/committees/download.php/2314/WSS-SOAPMessageSecurity-13-050103-merged.pdf Web Services Security: SOAP Message Security β Working Draft 13]</ref> or as the Web Services Security Core Specification. However these names are not widely known and indeed today it is hard to clearly identify whether an application or server is using a pre- or post-OASIS specification. Most forum posts use the keyword "WSSE" to refer to the pre-OASIS version because it mandated the use of a "wsse" [[XML namespace]] prefix to the<ref>[http://schemas.xmlsoap.org/ws/2002/07/secext schemas.xmlsoap.org]</ref> URL (and similar URLs of different versions). The protocol is officially called WSS and developed via committee in Oasis-Open.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)