WSS Guidance - Token Services

​Web Security Standards Guidance Token Services

Chief Information Officer

IC Technical Specifications

Web Security Standards Guidance: Token Services



The information guidance document for Web Security Standards Guidance for Token Services (WSS-TS) defines guidance on the use of token services. Token services represent a technical approach to implement secure messaging for credentials both within and across trust domains. This document outlines and describes a set of representative use cases.


This specification is maintained by the IC Chief Information Officer via the Data Standards Coordination Activity (DSCA) and Common Metadata Standards Tiger Team (CMSTT).


Technical Specification Downloads


Latest Approved Public Release:


Mission Requirements


The IC CIO funds and oversees a number of critical enabling projects, including the IC Information Technology Enterprise (IC ITE). The IC ITE makes extensive use of web services and distributed processing, yet each individual program providing services therein requires explicit guidance on building secure, interoperable web services.


This document provides general and prescriptive guidance for the development of secure and interoperable web services security solutions in support of the following Office of the Director of National Intelligence (ODNI) policies and implementation guidance.