Web Services Security is an extension to SOAP to apply security to Web services. It is a member of the Web service specifications and was published by OASIS.
The WS-I Basic Profile, a specification from the Web Services Interoperability industry consortium (WS-I), provides interoperability guidance for core Web Services specifications such as SOAP, WSDL, and UDDI. The profile uses Web Services Description Language (WSDL) to enable the description of services as sets of endpoints operating on messages.
WS-ReliableMessaging describes a protocol that allows SOAP messages to be reliably delivered between distributed applications in the presence of software component, system, or network failures.
Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions. SAML is also:
The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.
The Jakarta XML Web Services is a Jakarta EE API for creating web services, particularly SOAP services. JAX-WS is one of the Java XML programming APIs.
SOA security addresses the issue of combining services in a service-oriented architecture (SOA) in a secure manner. These issues arise as an effect of the main premise of SOA, which is to erase application boundaries and technology differences. Prior to the application of SOA methodologies, security models have traditionally been hardcoded into applications, and when capabilities of an application are opened up for use by other applications, the existing built-in security models may not be good enough.
Apache Axis2 is a web service engine. It is a redesign and re-write of the widely used Apache Axis SOAP stack. Implementations of Axis2 are available in Java and C.
Apache CXF is an open source software project developing a Web services framework. It originated as the combination of Celtix developed by IONA Technologies and XFire developed by a team hosted at Codehaus in 2006. These two projects were combined at the Apache Software Foundation. The name "CXF" was derived by combining "Celtix" and "XFire".
WS-Trust is a WS-* specification and OASIS standard that provides extensions to WS-Security, specifically dealing with the issuing, renewing, and validating of security tokens, as well as with ways to establish, assess the presence of, and broker trust relationships between participants in a secure message exchange.
WS-Federation is an Identity Federation specification, developed by a group of companies: BEA Systems, BMC Software, CA Inc., IBM, Microsoft, Novell, Hewlett Packard Enterprise, and VeriSign. Part of the larger Web Services Security framework, WS-Federation defines mechanisms for allowing different security realms to broker information on identities, identity attributes and authentication.
WS-Security Policy is a web services specification, created by IBM and 12 co-authors, that has become an OASIS standard as of version 1.2. It extends the fundamental security protocols specified by the WS-Security, WS-Trust and WS-Secure Conversation by offering mechanisms to represent the capabilities and requirements of web services as policies. Security policy assertions are based on the WS-Policy framework.
The Microsoft Open Specification Promise is a promise by Microsoft, published in September 2006, to not assert its patents, in certain conditions, against implementations of a certain list of specifications.
Apache ODE is a software coded in Java as a workflow engine to manage business processes which have been expressed in the Web Services Business Process Execution Language (WS-BPEL) via a website. It was made by the Apache Software Foundation and released in a stable format on March 23, 2018. The software principally communicates with one or more Web services, sending and receiving messages, manipulating data and handling exceptions (errors) as defined by any given process. The engine is capable of running both long and short living processes to coordinate all the services that make up a service or application (orchestration).
Apache Synapse is a simple, lightweight and high performance open source enterprise service bus (ESB) and mediation engine. It began incubation at the Apache Software Foundation on August 22, 2005, and became a sub project of the Apache Web Services project on January 2, 2007. After implementing extensive support for legacy systems integration, it moved to a Top Level Project of the Apache Software Foundation on the February 5, 2008. Apache Synapse is released under the Apache License.
Sanjiva Weerawarana is a CEO, software developer and open-source software evangelist. He is known for his work on Web Services standards including WSDL, BPEL, and WS-Addressing. He is the founder, chairman and CEO of WSO2, an open-source middleware company, and creator of the Ballerina programming language. His involvement with the Apache Software Foundation includes project work on SOAP, Apache Axis and Apache Axis2.
Security token service (STS) is a cross-platform open standard core component of the OASIS group's WS-Trust web services single sign-on infrastructure framework specification.cf. Within that claims-based identity framework, a secure token service is responsible for issuing, validating, renewing and cancelling security tokens. The tokens issued by security token services can then be used to identify the holder of the token to services that adhere to the WS-Trust standard. Security token service provides the same functionality as OpenID, but unlike OpenID is not patent encumbered. Together with the rest of the WS-Trust standard, the security token service specification was initially developed by employees of IBM, Microsoft, Nortel and VeriSign.
WS-Security is a flexible and feature-rich extension to SOAP to apply security to web services. It is a member of the WS-* family of web service specifications and was published by OASIS. Closely related to WS-Security is WS-Trust, also a WS-* specification and OASIS standard that provides extensions to WS-Security.
