 |
Security Research |
|
|
Web Services Security
Web
Services provides a new paradigm for developing applications that operate
- Entirely on a single system
- Across many systems but within a well defined network
- Across many systems that span many networks.
Web
Services are a set of emerging standards that define how the web service
endpoints should behave and communicate with each other. Web services
abstracts the communication interface and provides independence from
implementation and deployment choices, leading to greater interoperability
and automation of key business processes across network boundaries.
When
consuming or providing Web Services, VeriSign SSL certificates lets
you combine both transport security and application layer security to
achieve all needed levels of trust. See the Trust, VeriSign SSL certificates,
and Web Services sections for further discussion.
VeriSign
has donated to the Apache Software Foundation source code to implement
Web Services security. For more information see http://incubator.apache.org/tsik.
VeriSign's
WSS interoperability testing server is available at http://interop.bbtest.net.
We
have helped define some of the security aspects and have collaboratively
published the following:
December 2006
WS-Federation
Specification 1.1 (PDF)
WS-Federation.xsd
WS-Federation.wsdl
WS-Authorization.xsd
WS-Privacy.xsd
March 2006
Web
Services Capability (PDF)
Web
Services Policy Framework (PDF)
policy-2006-03-01-RC1.xsd
July 2005
VeriSign/IBM/Microsoft/RSA
WS-SecurityPolicy Specification 1.1 (PDF)
February 2005
VeriSign/IBM/Microsoft/RSA
et al WS-SecureConversation Specification (PDF)
VeriSign/IBM/Microsoft/RSA
et al WS-Trust Specification (PDF)
September 2004
VeriSign/IBM/Microsoft/BEA
Systems/SAP/Sonic Software WS-Policy Specification (PDF)
VeriSign/IBM/Microsoft/BEA
Systems/SAP/Sonic Software WS-PolicyAttachment Specification
(PDF)
July 2003
VeriSign/IBM/Microsoft/RSA/BEA
WS-Federation Specification (PDF)
VeriSign/IBM/Microsoft/RSA/BEA
WS-Federation Active Client Profile (PDF)
VeriSign/IBM/Microsoft/RSA/BEA
WS-Federation Passive Client Profile (PDF)
December 2002
VeriSign/IBM/Microsoft/RSA
WS-SecurityPolicy Specification (PDF)
VeriSign/IBM/Microsoft/RSA
WS-Trust Specification (PDF)
VeriSign/IBM/Microsoft/RSA
WS-SecureConversation Specification (PDF)
Related Specifications
IBM/Microsoft/BEA/SAP
WS-Policy (PDF)
IBM/Microsoft/BEA/SAP
WS-PolicyAttachment (PDF)
IBM/Microsoft/BEA/SAP
WS-PolicyAssertions (PDF)
August 2002
VeriSign/IBM/Microsoft
WS-Security Addendum (PDF)
April 2002
VeriSign/IBM/Microsoft
WS-Security Specification (PDF)
IBM-Microsoft
Web Services Roadmap (PDF)
WS-Security License
Use of the WS-Security Specification may be subject to certain patent
claims asserted by VeriSign, Inc. and other entities. To the extent
that use of the specification would necessarily infringe such claims
(each "necessary claim"), you may obtain a royalty-free Necessary
Claims license permitting your use of the specification by submitting
a properly executed copy of the License Agreement below to VeriSign.
Please note that Necessary Claims relating to the WS-Security Specification
have also been asserted by other entities, see http://www.oasis-open.org/committees/wss/ipr.php,
and you may want to contact those companies separately to obtain the
necessary licenses concerning such claims.
VeriSign's WSS
License Agreement.
Executed copies of the License Agreement should be delivered
to VeriSign via facsimile sent to the following number: +1-650-426-5510,
mark with attention to APRG Administrator, Charlene Wynn. For more information,
please send an email to wss-license@verisign.com.
|
Worldwide Sites
