Web Services Security (WS-Security) is a specification that protects SOAP messages to ensure end-to-end security for web services. WS-Security was approved as the OASIS standard in April 2004 and the first stage of standardization has been completed. Although the interoperability of WS-Security itself has been examined, business applications of WS-Security have not yet been fully investigated. Applying WS-Security to actual businesses is the next step. We conducted a large-scale demonstration experiment with web services using a travel industry model. We applied WS-Security to travel booking transactions and succeeded in ensuring end-to-end security by signing and encrypting credit card numbers. We give an overview of the experiment, point out the problems experienced and provide a possible solution. The experiment revealed that problems still remain with respect to communication via an intermediary.
web services, security, WS-Security