A References List for SOAP based Services Security

For more that one time, I’ve been asked for a list of references regarding security in SOAP-based services. This time, I’ve decided to blog it so that I can find it/link to it in the future: 


  • The Laws of Identity
    Introduces the concepts of an identity meta-system and of claims-based digital identities.
    Also contains a set of laws, describing requirements that an digital identity system should possess.
  • Design Rationale behind the Identity Metasystem Architecture
    Describes the identity meta-system architectural elements, the rational behind them, and how they can be mapped to concrete technologies and specifications.



  • WS-Trust 1.3
    Introduces the concept of Security Token Services (STS) as a service for the issuance of security tokens. It also defines a request-response protocol for interacting with the STS.
    An STS concretizes the claims transformer abstract concept, which is a key element in the identity meta-system.
    This specification builds upon the WS-Security specification.


  • WS-SecureConversation 1.3
    Defines how to optimize conversations comprised by more that one message interaction, by defining the concept of a security context and a security context token that refers to it.
    This specification builds upon the WS-Security and WS-Trust specifications.



  • Web Services Policy 1.5
    Defines a model and associated XML syntax for describing service’s requirements and capabilities. It is based on the abstract concept of policy assertion, which defines one requirement or capability.


  • WS-SecurityPolicy 1.2
    This specification defines several concrete policy assertions for the security domain.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s