Question
2
Replies
223
Views
Accenture
Posted: September 9, 2019
Last activity: September 21, 2019
Closed
Solved
What is the difference between WS Security Profile and Web Service Policy and where to use it what?
Hi All,
I have got confused on where to use WS Security Profile and Web Service Policy. Could you please clear my doubts and also share any article that explains how to configure both for SOAP Services.
Hi,
Web Services Security (WS-Security) is an extension to SOAP to apply security to Web services.
The protocol specifies how integrity and confidentiality can be enforced on messages and allows the communication of various security token formats, such as Security Assertion Markup Language (SAML), Kerberos, and X.509. Its main focus is the use of XML Signature and XML Encryption to provide end-to-end security.
Web Service policy (WS-Policy) is a specification that allows web services to use XML to advertise their policies (on security, quality of service, etc.) and for web service consumers to specify their policy requirements.
WS-Policy represents a set of specifications that describe the capabilities and constraints of the security (and other business) policies on intermediaries and end points (for example, required security tokens, supported encryption algorithms, and privacy rules) and how to associate policies with services and end points.
Thank You,