Security for Web Services - Standards and Research Issues
Source: Purdue University
This paper identifies the main security requirements for Web services and it describes how such security requirements are addressed by standards for Web services security recently developed or under development by various standardizations bodies. Standards are reviewed according to a conceptual framework that groups them by the main functionalities they provide. Standards that are covered include most of the standards encompassed by the WSS roadmap ; the Security Assertion Markup Language -SAML-, WS-Policy, XACML, that is related to access control and has been recently extended with a pro le for Web services access control; XKMS and WS-Trust; WS-Federation, LibertyAlliance and Shibboleth, that address the important problem of identity management in federated organizations.