Proposed Web Services Security Specifications

Over the last several years, Microsoft and IBM have worked closely together to define various specifications for Web services. For example, they have proposed XML as the preferred way to represent data; Simple Object Access Protocol (SOAP) as the preferred format for moving XML data between various systems; and the Web Services Description Language (WSDL) and Universal Discovery, Description, and Identification (UDDI) directory to assist Web services in finding and learning about one another. These specifications have achieved wide industry acceptance and are generally considered part of the term Web services.

However, both companies have realized that these specifications are not sufficient to solve all the problems associated with Web services. In particular, they make no provision for transmitting data securely between Web services.

So in Apr. 2002, Microsoft, IBM, and security certificate company VeriSign proposed a new specification called WS-Security. WS-Security defines a standard set of mechanisms to exchange secure, signed SOAP messages. Because the information in authentication tickets or tokens must be secure, TrustBridge and the revamped Passport will use WS-Security.