|
WS-SecurityPolicy
WS-SecurityPolicy is a web services specification, created by IBM and 12 co-authors, that has become an OASIS standard as of version 1.2. It extends the fundamental security protocols specified by the WS-Security, WS-Trust and WS-SecureConversation by offering mechanisms to represent the capabilities and requirements of web services as policies. Security policy assertions are based on the WS-Policy framework. Policy assertions can be used to require more generic security attributes like transport layer security , message level security {{mono, <AsymmetricBinding> or timestamps, and specific attributes like token types. Most policy assertion can be found in following categories: * Protection assertions identify the elements of a message that are required to be signed, encrypted or existent. * Token assertions specify allowed token formats (SAML, X509, Username etc.). * Security binding assertions control basic security safeguards like transport and message level security, ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
List Of Web Service Specifications
There are a variety of specifications associated with web services. These specifications are in varying degrees of maturity and are maintained or supported by various standards bodies and entities. These specifications are the basic web services framework established by first-generation standards represented by WSDL, SOAP, and UDDI. Specifications may complement, overlap, and compete with each other. Web service specifications are occasionally referred to collectively as "WS-*", though there is not a single managed set of specifications that this consistently refers to, nor a recognized owning body across them all. Web service standards listings These sites contain documents and links about the different Web services standards identified on this page. * IBM Developerworks: Standard and Web Service innoQ's WS-Standard Overview() MSDN .NET Developer Centre: Web Service Specification Index PageOASIS Standards and Other Approved WorkOpen Grid Forum Final DocumentXML CoverPageW3C' ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
OASIS (organization)
The Organization for the Advancement of Structured Information Standards (OASIS; ) is a nonprofit consortium that works on the development, convergence, and adoption of open standards for cybersecurity, blockchain, Internet of things (IoT), emergency management, cloud computing, legal data exchange, energy, content technologies, and other areas. History OASIS was founded under the name "SGML Open" in 1993. It began as a trade association of Standard Generalized Markup Language (SGML) tool vendors to cooperatively promote the adoption of SGML through mainly educational activities, though some amount of technical activity was also pursued including an update of the CALS Table Model specification and specifications for fragment interchange and entity management. In 1998, with the movement of the industry to XML, SGML Open changed its emphasis from SGML to XML, and changed its name to OASIS Open to be inclusive of XML and reflect an expanded scope of technical work and standa ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
WS-Security
Web Services Security (WS-Security, WSS) is an extension to SOAP to apply security to Web services. It is a member of the Web service specifications and was published by OASIS. The protocol specifies how integrity and confidentiality can be enforced on messages and allows the communication of various security token formats, such as Security Assertion Markup Language (SAML), Kerberos, and X.509. Its main focus is the use of XML Signature and XML Encryption to provide end-to-end security. Features WS-Security describes three main mechanisms: * How to sign SOAP messages to assure integrity. Signed messages also provide non-repudiation. * How to encrypt SOAP messages to assure confidentiality. * How to attach security tokens to ascertain the sender's identity. The specification allows a variety of signature formats, encryption algorithms and multiple trust domains, and is open to various security token models, such as: * X.509 certificates, * Kerberos tickets, * User ID/Password cr ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
WS-Trust
WS-Trust is a WS-* specification and OASIS standard that provides extensions to WS-Security, specifically dealing with the issuing, renewing, and validating of security tokens, as well as with ways to establish, assess the presence of, and broker trust relationships between participants in a secure message exchange. The WS-Trust specification was authored by representatives of a number of companies, and waapproved by OASISas a standard in March 2007. Using the extensions defined in WS-Trust, applications can engage in secure communication designed to work within the Web services framework. Overview WS-Trust defines a number of new elements, concepts and artifacts in support of that goal, including: * the concept of a Security Token Service (STS) - a web service that issues security tokens as defined in the WS-Security specification. * the formats of the messages used to request security tokens and the responses to those messages. * mechanisms for key exchange WS-Trust is ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
WS-SecureConversation
WS-SecureConversation is a Web Services specification, created by IBM and others, that works in conjunction with WS-Security, WS-Trust and WS-Policy to allow the creation and sharing of security contexts. Extending the use cases of WS-Security, the purpose of WS-SecureConversation is to establish security contexts for multiple SOAP message exchanges, reducing the overhead of key establishment. Features * Establish a new security context in following modes: ** Security context token created by a security token service (WS-Trust STS) ** Security context token created by one of the communicating parties and propagated with a message ** Security context token created through negotiation/exchanges * Renew security context * Amend Security context (add claims) * Cancel security context * Derive key: parties may use different keys per side and function (sign/encrypt), and change keys frequently to prevent cryptographic attacks * Maintain high secure context WS-SecureConversation is m ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
WSDL
The Web Services Description Language (WSDL ) is an XML-based interface description language that is used for describing the functionality offered by a web service. The acronym is also used for any specific WSDL description of a web service (also referred to as a ''WSDL file''), which provides a machine-readable description of how the service can be called, what parameters it expects, and what data structures it returns. Therefore, its purpose is roughly similar to that of a type signature in a programming language. The latest version of WSDL, which became a W3C recommendation in 2007, is WSDL 2.0. The meaning of the acronym has changed from version 1.1 where the "D" stood for "Definition". Description The WSDL describes services as collections of network Communication endpoint, endpoints, or Port (computer networking), ports. The WSDL specification provides an XML File format, format for documents for this purpose. The abstract definitions of ports and messages are separated f ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Web Service Specifications
Web most often refers to: * Spider web, a silken structure created by the animal * World Wide Web or the Web, an Internet-based hypertext system Web, WEB, or the Web may also refer to: Computing * WEB, a literate programming system created by Donald Knuth * GNOME Web, a Web browser * Web.com, a web-design company * Webs (web hosting), a Web hosting and website building service Engineering * Web (manufacturing), continuous sheets of material passed over rollers ** Web, a roll of paper in offset printing * Web, the vertical element of an I-beam or a rail profile * Web, the interior beams of a truss Films * ''Web'' (2013 film), a documentary * ''Webs'' (film), a 2003 science-fiction movie * ''The Web'' (film), a 1947 film noir * Charlotte's Web (2006 film) Literature * ''Web'' (comics), a MLJ comicbook character (created 1942) * ''Web'' (novel), by John Wyndham (1979) * The Web (series), a science fiction series (1997–1999) * World English Bible, a public-domain Bible t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Security Technology
Security is protection from, or resilience against, potential harm (or other unwanted Coercion, coercive change) caused by others, by restraining the freedom of others to act. Beneficiaries (technically referents) of security may be of persons and social groups, objects and institutions, ecosystems or any other entity or phenomenon vulnerable to unwanted change. Security mostly refers to protection from hostile forces, but it has a wide range of other senses: for example, as the absence of harm (e.g. freedom from want); as the presence of an essential good (e.g. food security); as Resilience (organizational), resilience against potential damage or harm (e.g. secure foundations); as secrecy (e.g. a Telephone tapping, secure telephone line); as containment (e.g. a secure room or Prison cell, cell); and as a state of mind (e.g. emotional security). The term is also used to refer to acts and systems whose purpose may be to provide security (security companies, security forces, secur ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
