WS-SecureConversation, also called Web Services Secure Conversation Language, is a specification that provides secure communication between Web services using session keys. WS-SecureConversation, released in 2005, is an extension of WS-Security and WS-Trust.
WS-SecureConversation works by defining and implementing an encryption key to be shared among all the entities involved in a communications session. The originating entity defines the encryption algorithm and generates the key, which is embedded in a SOAP (Simple Object Access Protocol) message. (This key can also be used to encrypt the SOAP message itself.) When the intended destination entities receive the message, they decrypt it and retrieve the session key, which can then be used to facilitate secure communications for the remainder of that session.Content Continues Below
WS-SecureConversation is a part of the Microsoft Web Services Enhancement 2.0 toolkit.
Continue Reading About WS-SecureConversation (Web Services Secure Conversation Language)
- Liang Fang and others describe a method of secure password-based authentication based on WS-SecureConversation and WS-Trust (PDF)