About Security Policy for Web Services

See Also 

Web Services Security Policy defines a standard set of patterns or sets of assertions that represent common ways to describe how messages are secured on a communications path. This Web Services Interoperability Technology (WSIT) implementation allows flexibility in terms of tokens, cryptography, and mechanisms used, including leveraging transport security, but is specific enough to ensure interoperability based on assertion matching by Web service clients and Web services providers.

Security Binding Assertions

Individual assertions are designed to be used in multiple combinations. The binding represents common usage patterns for security mechanisms. These security binding assertions are used to determine how the security is performed and what to expect in the wsse:Security header.

A binding defines the following security characteristics:

• The minimum set of tokens that will be used and how they are bound to messages.
• Any necessary key transfer mechanisms.
• Any required message elements (e.g. timestamps).
• The content and ordering of elements in the wsse:Security header. Elements not specified in the binding are not allowed.
• How correlation of messages is performed securely (if applicable to the message pattern).

The information in the binding, along with the assertions describing conditions and scope, provide enough information to secure messages between an initiator and a recipient.