---
title: Web Services Security
description: Web Services Security (WSS or WSSE) is a set of specifications defined by the OASIS Web Services Security (WSS) Technical Committee..
component: pingfederate
version: 13.1
page_id: pingfederate:introduction_to_pingfederate:pf_web_serv_security
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/introduction_to_pingfederate/pf_web_serv_security.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 5, 2022
section_ids:
  processing-steps: Processing steps
---

# Web Services Security

Web Services Security (WSS or WSSE) is a set of specifications defined by the OASIS Web Services Security (WSS) Technical Committee..

WSS defines XML extensions used to secure web service invocations, providing a standard way for partners to add message integrity and confidentiality to web service interactions. The WSS-defined token profiles describe standard ways of binding security tokens to these messages, enabling a variety of additional capabilities. Defined profiles include SAML assertions, Username, Kerberos, X.509, and other existing security tokens. SSL/TLS is often used in conjunction with deployments of WSS. For more information see <https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss>.

|   |                                                                                                                                                                                                                                                          |
| - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | The implementation of WSS in the deployment of web services identity federations is outside the scope of PingFederate, which provides a standalone, standard means of handling the tokens needed for such federations. See [WS-Trust](pf_ws_trust.html). |

![Diagram illustrating the WSS token transfer flow.](_images/ecj1564003102737.jpg)WSS token transfer

## Processing steps

1. A user requests content from an application.

2. The web service client sends a web service request to the WSP, including the SAML assertion in a WSS header.

3. The WSP responds to the request and sends an SSL/TLS token back to the application.

4. The web service client returns an HTML page to the user.