Secure Web Services Akylbek Zhumabayev Rochester Institute of Technologies
Legend Implemented Standard Implemented in additional product Security Layer Existing Standard Implemented in part of solutions
Security Standards for WS XML XML Signature (W3C) XML Encryption (W3C) SOAP WS-Addressing (W3C) WS-Security (OASIS) Resource Trust Secure Context Policy SAML Kerberos REL X.509 WS-SecureConversation (IBM) XACML (OASIS) RBAC (NIST) EPAL (IBM) WS-Policy (W3C) WS-Security Policy (OASIS) WS-Trust (OASIS) XKMS (W3C) WS-Federation (IBM) IDFF Shibboleth Reliability WS-Reliable Messaging (OASIS) WS-Reliability (OASIS) U/P
Popular Solutions Microsoft WCF Sun Metro (JAX-WS + JAXB + WSIT) Apache Axis2 (Rampart + Rahas + Sandesha2) Apache CXF (based on JAX-WS) More: IBM WebSphere WSO2 Web Service Framework BEA WebLogic
Microsoft WCF XML XML Signature (W3C) XML Encryption (W3C) SOAP WS-Addressing (W3C) WS-Security (OASIS) Resource Trust Secure Context Policy SAML Kerberos REL X.509 WS-SecureConversation (IBM) XACML (OASIS) RBAC (NIST) EPAL (IBM) WS-Policy (W3C) WS-Security Policy (OASIS) WS-Trust (OASIS) XKMS (W3C) WS-Federation (IBM) IDFF Shibboleth Reliability WS-Reliable Messaging (OASIS) WS-Reliability (OASIS) U/P
Sun Metro XML XML Signature (W3C) XML Encryption (W3C) SOAP WS-Addressing (W3C) WS-Security (OASIS) Resource Trust Secure Context Policy SAML Kerberos REL X.509 WS-SecureConversation (IBM) XACML (OASIS) RBAC (NIST) EPAL (IBM) WS-Policy (W3C) WS-Security Policy (OASIS) WS-Trust (OASIS) XKMS (W3C) WS-Federation (IBM) IDFF Shibboleth Reliability WS-Reliable Messaging (OASIS) WS-Reliability (OASIS) U/P
Apache Axis2 XML XML Signature (W3C) XML Encryption (W3C) SOAP WS-Addressing (W3C) WS-Security (OASIS) Resource Trust Secure Context Policy SAML Kerberos REL X.509 WS-SecureConversation (IBM) XACML (OASIS) RBAC (NIST) EPAL (IBM) WS-Policy (W3C) WS-Security Policy (OASIS) WS-Trust (OASIS) XKMS (W3C) WS-Federation (IBM) IDFF Shibboleth Reliability WS-Reliable Messaging (OASIS) WS-Reliability (OASIS) U/P
Apache CXF XML XML Signature (W3C) XML Encryption (W3C) SOAP WS-Addressing (W3C) WS-Security (OASIS) Resource Trust Secure Context Policy SAML Kerberos REL X.509 WS-SecureConversation (IBM) XACML (OASIS) RBAC (NIST) EPAL (IBM) WS-Policy (W3C) WS-Security Policy (OASIS) WS-Trust (OASIS) XKMS (W3C) WS-Federation (IBM) IDFF Shibboleth Reliability WS-Reliable Messaging (OASIS) WS-Reliability (OASIS) U/P
Common WS-* Stack WS-Addressing WS-Security: Username/Password, SAML, X.509 SAML includes XML Encryption and XML Signature WS-Trust (except Apache CXF) WS-Security Policy (except Apache) WS-Policy (except Apache Axis2) WS-Secure Conversation (except Apache CXF) WS-Reliable Messaging
1-MS, 2-Sun, 3-Axis2, 4-CXF XML XML Signature XML Encryption SOAP WS-Addressing WS-Security Resource Trust Secure Context Policy SAML Kerberos (1,2) REL X.509 WS-SecureConversation (1,2,3) XACML RBAC EPAL WS-Policy (1,2,4) WS-Security Policy (1,2) WS-Trust (1,2,3) XKMS WS-Federation IDFF Shibboleth Reliability WS-Reliable Messaging WS-Reliability (2) U/P
GSI XML XML Signature (W3C) XML Encryption (W3C) SOAP WS-Addressing (W3C) WS-Security (OASIS) Resource Trust Secure Context Policy SAML Kerberos REL X.509 WS-SecureConversation (IBM) XACML (OASIS) RBAC (NIST) EPAL (IBM) WS-Policy (W3C) WS-Security Policy (OASIS) WS-Trust (OASIS) XKMS (W3C) WS-Federation (IBM) IDFF Shibboleth Reliability WS-Reliable Messaging (OASIS) WS-Reliability (OASIS) U/P