Diff for WS-Security OASIS Standard

About this site

The SAML XML.org web site is not longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

Diff for WS-Security OASIS Standard

--- Wed, 2007-12-19 15:01 by carolgeyer
+++ Wed, 2007-12-19 15:03 by carolgeyer
 <h3>WS-Security and SAML </h3>
 <p>
-There is a SAML token profile of WS-Security that specifies
+The <a href="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0.pdf">WS-Security SAML token profile</a> specifies
 how SAML assertions can be used to provide message security.
 </p>
 <h3>See also:</h3>
 <p>
-- <a href="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0.pdf">WS-Security SAML Token Profile 1.0</a>
+- <a href="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss">OASIS WSS Technical Committee archive</a>
 </p>

Current revision:

WS-Security OASIS Standard

The Web Services Security (WS-Security) OASIS Standard specifies how SOAP messages can have their integrity and confidentiality ensured.

WS-Security defines a framework for securing SOAP messages, with the specifics being defined in profiles determined by the nature of the security token used to carry identity information. So, for instance, there are different profiles of WS-Security for various different security token formats such as X.509 certificates and Kerberos tickets.

WS-Security and SAML

The WS-Security SAML token profile specifies how SAML assertions can be used to provide message security.

Additionally, SAML itself points to WS-Security as an approved mechanism for securing SOAP messages carrying SAML protocol messages and assertions.