WS-SecurityPolicy
WS-SecurityPolicy is a specification from the group of WS- * specifications for web services . It defines so-called "security-based policy assertions" for web services. This is understood to mean assurances that must be met by web services so that security-relevant aspects are met. The transmission of these policy assertions can (and should) be secured via the WS- * specifications, including WS-Security , WS-Trust and WS-SecureConversation .
In version 1.2, the specification was adopted as the standard by the Organization for the Advancement of Structured Information Standards (OASIS) on July 1, 2007.
Assurances
Security-relevant assurances can be made on different communication levels. These are message layer and transport layer security mechanisms. The following assurances are defined:
- Protection assertions
- Token assertions
- Security binding assertions
alternative
- eXtensible Access Control Markup Language (XACML) - an XML schema and another OASIS standard for WebService Security
See also
Web links
Individual evidence
- ↑ Web Services Security Policy Language ( Memento of May 10, 2009 in the Internet Archive )