WS-SecureConversation (Web Services Secure Conversation Language)

WS-SecureConversation, also called Web Services Secure Conversation Language, is a specification that provides secure communication between Web services using session keys. WS-SecureConversation, released in 2005, is an extension of WS-Security and WS-Trust.

WS-SecureConversation works by defining and implementing an encryption key to be shared among all the entities involved in a communications session. The originating entity defines the encryption algorithm and generates the key, which is embedded in a SOAP (Simple Object Access Protocol) message. (This key can also be used to encrypt the SOAP message itself.) When the intended destination entities receive the message, they decrypt it and retrieve the session key, which can then be used to facilitate secure communications for the remainder of that session.

WS-SecureConversation is a part of the Microsoft Web Services Enhancement 2.0 toolkit.

This was last updated in August 2007

Continue Reading About WS-SecureConversation (Web Services Secure Conversation Language)

Dig Deeper on DevSecOps and automated security