Web Services Security
Web Services Security (WSS or WSSE) is a set of specifications defined by the OASIS Web Services Security (WSS) Technical Committee.
WSS defines XML extensions used to secure web service invocations, providing a standard way for partners to add message integrity and confidentiality to web service interactions. The WSS-defined token profiles describe standard ways of binding security tokens to these messages, enabling a variety of additional capabilities. Defined profiles include SAML assertions, Username, Kerberos, X.509, and other existing security tokens. SSL/TLS is often used in conjunction with deployments of WSS. For more information, see OASIS Open community.
The implementation of WSS in the deployment of web services identity federations is outside the scope of PingFederate, which provides a standalone, standard means of handling the tokens needed for such federations. See WS-Trust. |
Processing steps
-
A user requests content from an application.
-
The web service client sends a web service request to the WSP, including the SAML assertion in a WSS header.
-
The WSP responds to the request and sends an SSL/TLS token back to the application.
-
The web service client returns an HTML page to the user.