Chapter 8. Web service specifications 177
Messages are secure until explicitly processed.
We can save time by only applying security to sections of our messages.
We can route messages via intermediaries and still keep them secure.
The two most fundamental security specifications are WS-Security 2004 and the
WS-I Security Profile. WS-Security 2004 defines standards for basic security
processes such as authentication, digital signature and encryption. Two related
documents published by OASIS define username tokens and X.509 security
tokens.
The WS-I Security Profile clarifies ambiguities in many of the OASIS standards,
including:
Transport layer security
Security tokens
Security token references
Signature
Encryption
Algorithms
Username ...