WS-SecureConversation
WS-SecureConversation is a Web Services specification, created by IBM and others, that works in conjunction with WS-Security, WS-Trust and WS-Policy to allow the creation and sharing of security contexts. Extending the use cases of WS-Security, the purpose of WS-SecureConversation is to establish security contexts for multiple SOAP message exchanges, reducing the overhead of key establishment.

Features

  • Establish a new security context in one of the following modes:
    • Security context token created by a security token service (WS-Trust STS)
    • Security context token created by one of the communicating parties and propagated with a message
    • Security context token created through negotiation/exchanges
  • Renew security context
  • Amend security context (add claims)
  • Cancel security context
  • Derive key: parties may use different keys per side and function (sign/encrypt), and change keys frequently to prevent cryptographic attacks


WS-SecureConversation is meant to provide an extensible framework and a flexible syntax with which one could implement various security mechanisms. It does not by itself guarantee security; the implementor has to ensure that the result is not vulnerable to any attack.

Pros/Cons

Following a pattern similar to TLS, WS-SecureConversation establishes a kind of session key. The processing overhead for key establishment is reduced significantly when compared to WS-Security in the case of frequent message exchanges.
However, a new layer is put on top of WS-Security, which implies other WS-* protocols like WS-Addressing and WS-Trust. The importance of performance therefore has to be weighed against the added complexity and dependencies.
See the performance section in WS-Security.

Associated specifications

The following specifications are associated with WS-SecureConversation:
  • WS-Addressing
  • WS-Policy
  • WS-Security
  • WS-Trust

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.