WS-SecureConversation is a Web Services specification, created by IBM and others, that works in conjunction with WS-Security, WS-Trust and WS-Policy to allow the creation and sharing of security contexts. Extending the use cases of WS-Security, the purpose of WS-SecureConversation is to establish security contexts for multiple SOAP message exchanges, reducing the overhead of key establishment.[1]
Establish a new security context in following modes:
Security context token created by a security token service (WS-Trust STS)
Security context token created by one of the communicating parties and propagated with a message
Security context token created through negotiation/exchanges
Renew security context
Amend Security context (add claims)
Cancel security context
Derive key: parties may use different keys per side and function (sign/encrypt), and change keys frequently to prevent cryptographic attacks
Maintain high secure context
WS-SecureConversation is meant to provide an extensible framework and a flexible syntax, with which one could implement various security mechanisms. It does not by itself guarantee security, but the implementor has to ensure that the result is not vulnerable to any attack.
Pros/Cons
Following a pattern similar to TLS, WS-SecureConversation establishes a kind of session key. The processing overhead for key establishment is reduced significantly when compared to WS-Security in the case of frequent message exchanges. However, a new layer is put on top of WS-Security, that implies other WS-* protocols like WS-Addressing and WS-Trust. So the importance of performance has to be compared to the added complexity and dependencies. See the performance section in WS-Security.
External links
WS-SecureConversation 1.4 Specification
Associated specifications
The following specifications are associated with WS-SecureConversation:
^. Archived from the original on 2007-08-28. Retrieved 2007-07-06.
March 05, 2023
secureconversation, services, specification, created, others, that, works, conjunction, with, security, trust, policy, allow, creation, sharing, security, contexts, extending, cases, security, purpose, establish, security, contexts, multiple, soap, message, ex. WS SecureConversation is a Web Services specification created by IBM and others that works in conjunction with WS Security WS Trust and WS Policy to allow the creation and sharing of security contexts Extending the use cases of WS Security the purpose of WS SecureConversation is to establish security contexts for multiple SOAP message exchanges reducing the overhead of key establishment 1 Contents 1 Features 2 Pros Cons 3 External links 4 Associated specifications 5 See also 6 ReferencesFeatures EditEstablish a new security context in following modes Security context token created by a security token service WS Trust STS Security context token created by one of the communicating parties and propagated with a message Security context token created through negotiation exchanges Renew security context Amend Security context add claims Cancel security context Derive key parties may use different keys per side and function sign encrypt and change keys frequently to prevent cryptographic attacks Maintain high secure contextWS SecureConversation is meant to provide an extensible framework and a flexible syntax with which one could implement various security mechanisms It does not by itself guarantee security but the implementor has to ensure that the result is not vulnerable to any attack Pros Cons EditFollowing a pattern similar to TLS WS SecureConversation establishes a kind of session key The processing overhead for key establishment is reduced significantly when compared to WS Security in the case of frequent message exchanges However a new layer is put on top of WS Security that implies other WS protocols like WS Addressing and WS Trust So the importance of performance has to be compared to the added complexity and dependencies See the performance section in WS Security External links EditWS SecureConversation 1 4 SpecificationAssociated specifications EditThe following specifications are associated with WS SecureConversation WS Addressing WS Policy WS Security WS TrustSee also EditFamily of WS specificationsReferences Edit Web Services Secure Conversation Language Archived from the original on 2007 08 28 Retrieved 2007 07 06 Retrieved from https en wikipedia org w index php title WS SecureConversation amp oldid 1056169813, wikipedia, wiki, book, books, library,
