WSS High Level Guidance

Web Service Security High Level Guidance

Chief Information Officer

IC Technical Specifications

Web Service Security

Overview


The High Level Guidance for Web Service Security (WSS-HLG) provides guidance to solutions architects and developers on how to consistently approach circumstances for which security solutions are required. This document focuses on security fundamentals essential to designing and building secure solutions that involve web services focusing on approaches for access control, use of assertions, security markings, confidentiality, integrity, and non-repudiation. The WSS-HLG provides solution approaches at a high level, intended to provide an understanding of information security fundamentals essential to such solutions, for the purpose of building both secure and interoperable approaches that are consistent across the IC.

The High Level Guidance for Web Service Security (WSS-HLG) provides important guidance for building and integrating with web services solutions in an interoperable, secure, and consistent manner. As there is a great number of standards, technical mechanisms, and capabilities that can be used for building web services security solutions, it is important that solutions architects understand the tradeoffs, risks, and benefits of approaches. It is critical, from a security and interoperability perspective, that security mechanisms are applied in a consistent manner, and this document provides needed guidance in the areas of access control, assertion passing, security markings, confidentiality, integrity, and non-repudiation.

The intended audience of this information guidance document is project managers, software architects, network architects, and developers who develop and integrate with web services. This document provides guidance in areas that will be important in satisfying security requirements and information security goals in a secure and interoperable manner.


Latest Approved Version