WSS defines XML extensions used to secure web service invocations, providing a standard way for partners to add message integrity and confidentiality to web service interactions. The WSS-defined token profiles describe standard ways of binding security tokens to these messages, enabling a variety of additional capabilities. Defined profiles include SAML assertions, Username, Kerberos, X.509, and other existing security tokens. SSL/TLS is often used in conjunction with deployments of WSS. For more information see https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss.

Note:

The implementation of WSS in the deployment of web services identity federations is outside the scope of PingFederate, which provides a standalone, standard means of handling the tokens needed for such federations. See WS-Trust.

WSS token transfer
Diagram illustrating the WSS token transfer flow.

Processing steps

  1. A user requests content from an application.
  2. The web service client sends a web service request to the WSP, including the SAML assertion in a WSS header.
  3. The WSP responds to the request and sends an SSL/TLS token back to the application.
  4. The web service client returns an HTML page to the user.
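
The request in step 2, seen from the WSP side, as an added example that is not PingFederate code: it locates the SAML assertion inside the `wsse:Security` SOAP header and checks its validity window and audience before the subject is used. The sample envelope, the issuer, subject and audience values, and the function name `check_wss_saml` are constructed for illustration, and XML signature verification is assumed to happen separately.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Assumption: the assertion's XML signature is verified elsewhere before this
# check; this code only covers token placement and the SAML conditions.
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample request (step 2); issuer, subject and audience are made up.
SAMPLE_REQUEST = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
        <saml:Issuer>https://idp.example.com</saml:Issuer>
        <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
        <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
          <saml:AudienceRestriction><saml:Audience>https://wsp.example.com</saml:Audience></saml:AudienceRestriction>
        </saml:Conditions>
      </saml:Assertion>
    </wsse:Security>
  </soap:Header>
  <soap:Body><GetContent xmlns="urn:example:content"/></soap:Body>
</soap:Envelope>"""

def _ts(value):
    """Parse a UTC xs:dateTime of the form used in the sample."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_wss_saml(envelope_xml, expected_audience, now):
    """Return (ok, detail): the subject NameID on success, the reason on failure."""
    root = ET.fromstring(envelope_xml)
    found = root.findall("soap:Header/wsse:Security/saml:Assertion", NS)
    if len(found) != 1:
        return False, "expected exactly one SAML assertion in the wsse:Security header"
    assertion = found[0]
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or "NotBefore" not in cond.attrib or "NotOnOrAfter" not in cond.attrib:
        return False, "assertion has no validity window"
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        return False, "assertion outside its validity window"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        return False, "assertion not issued for this service"
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not name_id.text:
        return False, "assertion has no subject"
    return True, name_id.text
```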