Skip to main content
purple hex pattern

Why is it needed?

Security mechanisms like TLS (Transport Layer Security) are insufficient for securing Web Services. Since TLS creates a secure channel through which messages flow, it is incapable of differentiated protection, e.g. encrypting and/or signing only particular components of those messages. This is relevant when non-sensitive portions of the message need to be accessed or changed by intermediate actors. Additionally, in a scenario where a SOAP message might flow through multiple actors, TLS is incapable of providing end-to-end protection; TLS only allows each ‘hop’ to be protected-with the resultant security gaps at intermediate actors.

Status

A new OASIS Technical Committee was formed in August 2002 to oversee the standardization of the WS-Security proposal.

Entrust Support for WS-Security

Entrust supports XML Signature and XML Encryption, which are fundamental building blocks for WS-Security, with Entrust Certificate Authority's Security Toolkit for Java.