Abstract

This specification defines extensions that build on [WS-Security] and [WS-Trust] to provide secure communication across one or more messages. Specifically, this specification defines mechanisms for establishing and sharing security contexts, and deriving keys from established security contexts (or any shared secret). Modular Architecture By using the XML, SOAP, and WSDL extensibility models, the WS-* specifications are designed to be composed with each other to provide a rich Web services environment. WS-SecureConversation by itself does not provide a complete security solution for Web services. WS-SecureConversation is a building block that is used in conjunction with other Web service and application-specific protocols to accommodate a wide variety of security models. Status This WS-SecureConversation Specification is a revised public draft release and is provided for review and evaluation only. Actional, BEA, Computer Associates, IBM, Layer7, Microsoft, Oblix, OpenNetwork, Ping Identity, Reactivity, RSA Security, and VeriSign hope to solicit your contributions and suggestions in the near future. Actional, BEA, Computer Associates, IBM, Layer7, Microsoft, Oblix, OpenNetwork, Ping Identity,