HOME

TheInfoList



Click Here for Items Related To - WS-SecureConversation
OR:
WS-SecureConversation on:   [Wikipedia]   [Google]   [Amazon]

WS-SecureConversation is a Web Services specification, created by IBM and others, that works in conjunction with WS-Security, WS-Trust and WS-Policy to allow the creation and sharing of security contexts. Extending the use cases of WS-Security, the purpose of WS-SecureConversation is to establish security contexts for multiple SOAP message exchanges, reducing the overhead of key establishment.


Features

* Establish a new security context in following modes: ** Security context token created by a security token service (WS-Trust STS) ** Security context token created by one of the communicating parties and propagated with a message ** Security context token created through negotiation/exchanges * Renew security context * Amend Security context (add claims) * Cancel security context * Derive key: parties may use different keys per side and function (sign/encrypt), and change keys frequently to prevent cryptographic attacks * Maintain high secure context WS-SecureConversation is meant to provide an extensible framework and a flexible syntax, with which one could implement various security mechanisms. It does not by itself guarantee security, but the implementor has to ensure that the result is not vulnerable to any attack.


Pros/Cons

Following a pattern similar to
TLS TLS may refer to: Computing * Transport Layer Security, a cryptographic protocol for secure computer network communication * Thread level speculation, an optimisation on multiprocessor CPUs * Thread-local storage, a mechanism for allocating vari ...
, WS-SecureConversation establishes a kind of session key. The processing overhead for key establishment is reduced significantly when compared to WS-Security in the case of frequent message exchanges. However, a new layer is put on top of WS-Security, that implies other WS-* protocols like WS-Addressing and WS-Trust. So the importance of performance has to be compared to the added complexity and dependencies. See the performance section in WS-Security.


External links


WS-SecureConversation 1.4 Specification


Associated specifications

The following specifications are associated with WS-SecureConversation: * WS-Addressing * WS-Policy * WS-Security * WS-Trust


See also

* Family of WS-* specifications


References

{{DEFAULTSORT:Ws-Secureconversation
Security" \n\n\nsecurity.txt is a proposed standard for websites' security information that is meant to allow security researchers to easily report security vulnerabilities. The standard prescribes a text file called \"security.txt\" in the well known locat ...