Fact-checked by Grok 2 weeks ago

WS-Discovery

Web Services Dynamic (WS-Discovery) is a technical specification that defines a for the dynamic of services on a local network, enabling clients to locate target services by type, scope, or endpoint reference without prior . Developed to support both small networks and larger managed environments, it operates primarily over using messages for lightweight, efficient communication. The protocol was initially published in April 2005 by a consortium of companies including , , , , and . It was subsequently advanced and standardized by the Web Services Discovery and Web Services Devices Profile (WS-DD) Technical Committee, culminating in version 1.1 as an OASIS Standard on July 1, 2009. This standardization ensured interoperability across diverse implementations, including support for SOAP-over-UDP on port 3702 and multicast addresses such as 239.255.255.250 for IPv4 and FF02::C for in ad hoc mode. In operation, WS-Discovery defines six primary message types to facilitate discovery: Hello for service announcements upon network join, Bye for announcements upon departure, Probe for client-initiated searches by service type or scope, ProbeMatch for matching service responses, Resolve for resolving a specific endpoint by reference, and ResolveMatch for the corresponding reply. These messages support two operational modes—ad hoc, where probes are multicast and responses are unicast directly, and managed, where a central discovery proxy handles communication to scale for enterprise networks—while minimizing network traffic through event-driven announcements rather than polling. Security is addressed through recommendations for , WS-Trust, and WS-SecureConversation to protect message integrity and confidentiality. WS-Discovery has been implemented in various platforms, including Microsoft's Windows SDK for browsing and device discovery in environments, for enterprise service buses, and embedded systems for industrial applications such as those from . Its role in enabling has made it foundational for protocols like Devices Profile for Web Services (DPWS) and modern device interoperability.

History

Initial Development

The initial specification for WS-Discovery was released in April 2005 as a draft by , , , , and , aimed at enabling multicast-based within local networks. This effort addressed the growing need for dynamic, zero-configuration mechanisms to locate services in the WS-* family of protocols, leveraging over to facilitate communication without relying on traditional directory services like DNS. Key features in the draft centered on probe-based , where clients broadcast probe messages to a group, and matching services respond directly to the client, using filters based on service types (e.g., a specific printer model) and scopes (e.g., departmental boundaries) to refine matches according to rules like those in RFC 2396 or LDAP. The protocol specified standardized addresses for : IPv4 address 239.255.255.250 and FF02::C, both using port 3702, to ensure broad reach in local environments without centralized coordination. The first draft particularly emphasized an operational mode suited for small-scale networks lacking central management, allowing services to announce their availability proactively while minimizing network overhead through event-driven interactions rather than constant polling. This approach laid the groundwork for the protocol's later adoption, including its submission to for standardization.

Standardization Process

The standardization of WS-Discovery began with its submission to the newly formed Web Services Discovery and Web Services Devices Profile (WS-DD) Technical Committee in August 2008 by a group including , , and , building on an early draft published in April 2005. The WS-DD TC was chartered specifically to refine and standardize device-oriented Web services specifications, such as WS-Discovery, SOAP-over-UDP, and the Devices Profile for Web Services (DPWS), to enable secure discovery and control of networked devices. The committee's work commenced with the first working draft (wd-01) released on September 16, 2008, followed by iterations including committee drafts and public review periods to incorporate feedback and ensure interoperability. These reviews addressed refinements to the protocol's scope, security considerations, and integration with broader Web services standards, culminating in version 1.1. On June 30, 2009, the WS-DD TC unanimously approved the specification, which was ratified as an OASIS Standard on July 1, 2009, following a membership vote. Version 1.1 introduced key enhancements, including a managed mode of operation that uses proxies to centralize and scale announcements, probes, and resolves in large networks, reducing overhead. It also refined the XML schemas with the updated http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01 and improved integration with the WS-DeviceProfile (via DPWS) for consistent device description and . No major updates to WS-Discovery have occurred since 2009, with the WS-DD TC closing in November 2016; however, the standard has seen ongoing adoption in industry profiles, such as the ONVIF Core Specification from 2010 onward, which leverages WS-Discovery for network video device detection.

Overview

Purpose and Design Goals

WS-Discovery is designed to enable the dynamic discovery of Web Services endpoints within local networks, allowing clients to locate target services without requiring prior configuration or centralized registries. This protocol supports zero-configuration scenarios, facilitating plug-and-play functionality for devices in environments where services may join or leave the network frequently. By leveraging multicast communications, it addresses the limitations of static methods like DNS, which rely on predefined records, or UDDI, which depends on persistent, centralized directories for service registration and lookup. The primary objectives include providing efficient in both networks, such as home or small office setups with minimal infrastructure, and managed networks, like enterprise subnets utilizing proxies for . Key design goals emphasize low-overhead operations through probes, ensuring interoperability via SOAP-based messaging that composes with other Web Services standards. It supports filtering services by types—defined using XML namespaces corresponding to WSDL portTypes—and scopes, which organize services into logical groups via URIs or UUIDs to enable targeted . This approach contrasts with mechanisms in WS-Addressing by using for initial probes, thereby reducing and in service location processes. Representative use cases demonstrate its applicability in resource-constrained settings, such as network printers discovered via WS-Print in Windows environments for seamless integration without manual IP configuration. In surveillance systems, IP cameras compliant with standards employ WS-Discovery to allow clients to probe and identify devices dynamically on local networks. Additionally, it enables in home networks for servers through compatible gateways that bridge WS-Discovery with UPnP protocols, supporting zero-config access to streaming services. These applications highlight its role in further interactions, such as or description retrieval, while maintaining compatibility with security extensions like .

Core Principles

WS-Discovery operates on the principle of probe matching, where target evaluate incoming probe messages against their advertised types and scopes to determine if they should respond. Types are specified as qualified names (QNames), and a service matches if its types include all those requested in the probe, using exact and local name comparison. Scopes, which define contextual domains such as organizational units, are matched using configurable rules: exact matching via byte-by-byte string comparison (strcmp0) or subsumption matching via prefix comparison (e.g., RFC 3986 for URI-like scopes), allowing broader or narrower scope hierarchies to align as specified by the probe's MatchBy attribute. The protocol supports both announcement-based and query-based mechanisms to enable proactive and reactive . In announcement-based , target services a Hello message upon joining the network, providing their endpoint reference, types, and scopes without client initiation, facilitating immediate awareness in dynamic environments. Conversely, query-based involves clients ing a message with optional type and scope filters, to which matching services respond with a ProbeMatch message containing their details, ensuring targeted responses only from relevant services. To maintain efficiency and prevent overload, WS-Discovery is confined to local scopes using addressing limited to link-local or site-local boundaries, such as addresses FF02::C (link-local) or FF05::C (site-local) and IPv4 239.255.255.250, explicitly avoiding internet-scale propagation that could cause flooding. This design assumes operation within a single or site, where traffic remains contained without . Fault tolerance is achieved through support for multiple matching responses and configurable timeouts, allowing clients to receive and select from several ProbeMatch messages if available, thus providing redundancy against individual service failures or packet loss. Clients wait for ProbeMatch responses within a configurable timeout, typically up to 5 seconds in managed modes per the specification, after which they may retry or proceed with collected matches, balancing responsiveness with reliability in unreliable multicast scenarios. WS-Discovery ensures with the broader WS-* family by leveraging WS-Addressing for references and message routing, while optionally incorporating WS-Policy assertions to describe service capabilities and requirements, all while maintaining a lightweight profile through minimal message overhead and support for SOAP-over-UDP bindings to reduce on constrained networks. As of 2025, WS-Discovery remains foundational for but requires careful configuration to mitigate risks like DDoS amplification.

Architecture

Roles

In WS-Discovery, participants are defined by three primary roles: Client, , and , each with distinct responsibilities in the discovery process. The Client role is responsible for initiating by sending messages to search for available or messages to obtain detailed information about a specific service. Upon receiving responses, the Client matches them against criteria such as types or scopes to select appropriate services for interaction. Clients typically send these messages via in environments or to a in managed setups. The Target Service role represents endpoints that provide the actual services being discovered, advertising their availability through Hello messages upon joining a network and signaling departure with Bye messages. Target Services respond to incoming Probe and Resolve messages from Clients by sending ProbeMatch or ResolveMatch messages, which include essential metadata such as endpoint references, service types, scopes, and XAddrs for direct access. These responses are sent via unicast in ad hoc mode or unicast to a Discovery Proxy in managed mode, ensuring efficient propagation of service information. The Discovery Proxy role serves as an intermediary in managed environments, aggregating announcements from Target Services, maintaining a registry of their , and suppressing traffic to reduce overhead. It receives Probe and Resolve messages from Clients, queries its registry to generate appropriate ProbeMatch or ResolveMatch responses, and forwards these back to the Clients over HTTP or other transports. Discovery Proxies also handle Hello and Bye messages from Target Services by updating their internal records accordingly. Endpoints in WS-Discovery are flexible and may assume multiple roles simultaneously—for instance, a device could act as both a Target Service advertising its capabilities and a Client searching for other services—provided they conform to the requirements of each. However, minimum conformance to the specification requires an endpoint to implement at least one of these roles fully. In managed mode interactions, Clients direct queries to the Discovery Proxy, which in turn manages communication with registered Target Services to facilitate scalable discovery across larger networks.

Operational Modes

WS-Discovery supports two primary operational modes: ad hoc and managed, each designed to address different network topologies and scalability needs. In ad hoc mode, discovery occurs through direct multicast and unicast communications over UDP on port 3702 (IPv4 multicast address 239.255.255.250, IPv6 FF02::C), using SOAP-over-UDP binding. This mode requires no central coordination, allowing clients and services to exchange probes, responses, and announcements freely within the local network segment. It is particularly suitable for small, flat networks where simplicity is prioritized, but it carries risks such as multicast storms in larger subnets due to increased bandwidth consumption from repeated message flooding. Managed mode, in contrast, employs discovery proxies to centralize operations, enabling HTTP communications with SOAP-over-HTTP binding while proxies manage any necessary internal . Clients send discovery messages, such as probes, directly to the proxy's (wsdd:DiscoveryProxy), which then handles forwarding and responses to suppress external traffic. This approach enhances scalability in segmented or large networks by reducing broadcast overhead and providing centralized control, making it ideal for environments requiring better security and management. Mode selection occurs automatically through proxy detection—clients listen for proxy announcements or Hellos—or via explicit configuration, defaulting to ad hoc for its inherent simplicity while favoring managed mode for enhanced control and security. Services and clients can transition between modes dynamically; for instance, a client in ad hoc mode may switch to managed upon receiving a unicast Hello from a in response to a Probe, though managed operations necessitate the presence of at least one to function.

Protocol Mechanics

Message Types

WS-Discovery employs a set of SOAP-based messages to enable dynamic service discovery on networks. These messages adhere to the WS-Addressing specification for routing and identification, incorporating headers such as [action], [messageID], and [to] to ensure proper delivery and correlation. The protocol's XML schema, defined in the WS-Discovery namespace (http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01), specifies elements for each message type, including structures like wsd:ProbeType that contain attributes such as d:Types (a list of service types expressed as WSDL QNames) and d:Scopes (URIs defining service categorization). The Hello message serves as an announcement from a target upon joining the network, providing its availability details. It includes a mandatory wsa:EndpointReference identifying the 's , optional d:Types listing the 's offered types, optional d:Scopes for , optional d:XAddrs specifying addresses, and a required d:MetadataVersion indicating the current version. Additionally, it carries an AppSequence header block with InstanceId, optional SequenceId, and MessageNumber to order subsequent messages from the . In mode, Hello is sent ; in managed mode, it is to a discovery proxy. No response is expected. The message uses the action http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01/Hello and is defined by the wsd:HelloType schema element. The Bye message acts as the counterpart to Hello, signaling a target service's departure from the network to allow clients and proxies to update their registries. It mirrors the structure of Hello, including wsa:EndpointReference, optional d:Types, d:Scopes, d:XAddrs, optional d:MetadataVersion, and the AppSequence header. Like Hello, it is sent in mode or in managed mode, using the action http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01/Bye and defined by wsd:ByeType. No response is required or expected upon receipt. A is issued by a client to query for target services matching specific criteria. It contains optional d:Types to filter by service types and optional d:Scopes (with a MatchBy attribute specifying matching rules like "eq" for exact match or "prefix" for prefix match) to narrow by scope . An AppSequence header may be included if the client maintains sequencing. The uses the action URI http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01/[Probe](/page/P.R.O.B.E.), is defined by wsd:ProbeType, and is sent in mode or in managed mode. In response to a Probe, one or more ProbeMatches messages are sent by matching target services or a discovery proxy aggregating results. Each ProbeMatch element within the message includes wsa:EndpointReference, optional d:Types, d:Scopes, d:XAddrs, and mandatory d:MetadataVersion, along with an AppSequence header. The message correlates to the Probe via wsa:RelatesTo referencing the Probe's [messageID] and uses the action URI http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01/ProbeMatches, defined by wsd:ProbeMatchesType. Responses are unicast to the client's ReplyTo endpoint. Multiple ProbeMatch elements can be included to report several services. The Resolve message allows a client to request updated metadata for a specific target service identified by its endpoint. It requires only a wsa:EndpointReference and uses the action URI http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01/Resolve, defined by wsd:ResolveType. It is sent in mode or in managed mode. A ResolveMatch message provides the response to a Resolve, containing a single optional d:ResolveMatch element with wsa:EndpointReference, optional d:Types, d:Scopes, d:XAddrs, required d:MetadataVersion, and AppSequence header. It correlates via wsa:RelatesTo and uses the action URI http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01/ResolveMatches, defined by wsd:ResolveMatchesType. The response is . If no match exists, an empty message may be sent. Fault messages in WS-Discovery follow standard SOAP 1.2 fault mechanisms, bound with WS-Addressing properties for [action] (http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01/fault), [code], [subcode], [reason], and [detail]. Specific subcodes include d:MatchingRuleNotSupported for unsupported scope matching rules in Probes, with details listing supported rules. For errors such as mismatched AppSequence headers (e.g., invalid InstanceId or out-of-order MessageNumber), implementations generate standard SOAP Sender faults, though the specification does not define unique subcodes for sequencing issues.

Discovery Operations

WS-Discovery defines three primary discovery operations: Probe for active searching, Resolve for obtaining detailed endpoint information, and Announcement for passive notifications of service availability. These operations enable clients to locate target services on a network, with logic tailored to ad hoc or managed modes. In ad hoc mode, operations use for broad discovery, while managed mode routes messages through a discovery proxy via . The operation allows a client to actively search for target services matching specified types and scopes. The client sends a message, which in mode is to the address 239.255.255.250 on port 3702, containing optional Types and Scopes elements. Target services that match respond with ProbeMatches messages, listing their references and versions. Matching occurs if all Types in the are subsumed by the target service's Types—meaning the service's Types must include exact QName matches (identical and local name) for every Type—and all Scopes match according to the specified rule, such as RFC 3986 prefix matching for URIs. In mode, target services delay their ProbeMatches by a random interval between 0 and 500 milliseconds (APP_MAX_DELAY) to prevent network collisions, and clients discard responses received more than 600 milliseconds (MATCH_TIMEOUT) after the . In managed mode, the is to the , which aggregates and forwards matches. If no services match, the may return an empty ProbeMatches or a NoMatch fault. The Resolve operation serves as a follow-up to a , enabling a client to retrieve detailed information for a specific target without full . The client sends a Resolve message containing the target 's , in ad hoc mode or to the in managed mode. The matching target responds with a single ResolveMatch message, including its and version, without the random delay applied in responses. This operation ensures precise addressing for subsequent interactions. The Announcement operation supports passive , where services notify clients of their availability. Upon joining the network, a service sends a Hello message in mode (or unicast to the in managed mode), including its endpoint reference, Types, Scopes, and version; a random delay of 0 to 500 milliseconds applies to avoid storms. On departure, it sends a best-effort Bye message with the same details but without XAddrs. Clients listen for these announcements to build a dynamic registry. The version increments with any changes to , signaling clients to refresh via Resolve. AppSequence management ensures message correlation and integrity across operations. Each client or target service generates a unique InstanceId, incremented on restarts to delineate sessions, and a SequenceId (often called MessageNumber) that increments per message within that instance. This header appears in Probes, Resolves, Hellos, and responses, allowing recipients to order messages, detect duplicates via [message id] comparison, and suppress replays. For instance, a target service responds only once to identical Probes sharing the same InstanceId and message identifiers. In managed mode, the proxy sequences announcements and matches accordingly. Error handling in discovery operations relies on faults for exceptional cases. If a or Resolve specifies an unsupported matching rule, the recipient may generate a MatchingRuleNotSupported fault instead of responding. NoMatch faults occur in managed mode when the proxy finds no matching services, providing explicit confirmation of empty results. Unverifiable or excessively delayed responses are discarded by clients per timeout parameters.

Security

Protection Mechanisms

WS-Discovery integrates with WS-Security to provide message integrity and authenticity through digital signatures on key message elements, though security is not mandatory and is recommended rather than required. Messages such as Hello, Bye, Probe Match, Resolve Match, Probe, and Resolve are recommended to be signed using a compact signature format that employs RSA with SHA-1 for the signature algorithm per the specification. However, SHA-1 is deprecated for digital signatures due to known vulnerabilities, and modern implementations should use stronger algorithms such as RSA-SHA-256 to ensure protection of the message body and relevant headers like those from WS-Addressing. This compact format optimizes for UDP transport by using abbreviated XML structures, including attributes for signature scheme, key identifier, references, and the signature value itself, while applying exclusive canonicalization to prevent alteration. Target services may discard unsigned or unverifiable multicast messages from unfamiliar domains to mitigate spoofing risks. For , WS-Discovery supports derived keys derived from a shared context established via WS-SecureConversation, allowing per- symmetric keys to encrypt sensitive without embedding full keys in each message. These derived keys are generated using algorithms specified in the context, such as PSHA1 for key derivation from a secret, and can be named for further derivation if needed. Additionally, WS-Trust enables token-based within this , where security tokens issued by a trusted authority can underpin the context establishment for authenticated discovery exchanges. Scope and type matching in discovery requests serve as a metadata filtering mechanism to restrict responses to authorized services only, preventing unintended exposure during probing. In managed mode, which relies on HTTP to a discovery proxy, the protocol supports the use of TLS (via ) to secure the against and man-in-the-middle attacks. Security applies differently in ad-hoc versus managed modes, with ad-hoc emphasizing lightweight integrity over full . Multicast operations in ad-hoc mode face challenges in achieving due to the lack of built-in UDP encryption, as adding overhead like per-packet would undermine the protocol's for local network . Instead, symmetric keys for are shared prior to or facilitated through a trusted in managed setups, allowing subsequent without exposing keys over . Replay protection is enforced through the AppSequence header, which includes a unique InstanceId and monotonically increasing SequenceId to order messages and detect duplicates across a session. This is augmented by timestamps indicating creation and expiration times, combined with nonces to ensure freshness and prevent replay attacks even if sequences are compromised. In proxy-mediated scenarios, the discovery proxy validates AppSequence values to reject out-of-order or repeated messages, providing an additional layer of enforcement.

Implementation Guidelines

Security implementations of WS-Discovery should prioritize protection against alteration, replay, and spoofing attacks, using compact XML signatures with / algorithms as recommended by the specification, though stronger hash functions are advised for current . In mode, signatures must cover the message body and WS-Addressing headers, while managed mode benefits from proxy-mediated tokens. Implementations must support end-to-end contexts using WS-Trust for token issuance and WS-SecureConversation for derived keys per message in managed environments. For endpoint references, implementations commonly use URN-based UUID formats (e.g., :uuid: followed by a 32-hex-digit identifier) to uniquely identify services, overriding less specific options for better . Developers should validate all incoming messages against the WS-Discovery (namespace: http://docs.oasis-open.org/ws-dd/ns/[discovery](/page/Discovery)/2009/01) and prioritize normative text over illustrative examples or appendices for .

References

  1. [1]
    OASIS Web Services Dynamic Discovery (WS-Discovery) Version 1.1
    This specification defines a discovery protocol to locate services. In an ad hoc mode of operation, probes are sent to a multicast group.
  2. [2]
    [PDF] Web Services Dynamic Discovery (WS - xmlsoap.org
    WS-Discovery is a multicast protocol to locate services. Clients send probes to a multicast group, and matching services respond directly. Services announce ...
  3. [3]
    Web Services Dynamic Discovery (WS-Discovery) v1.1 - OASIS Open
    Defines a discovery protocol to locate services. In an ad hoc mode of operation, probes are sent to a multicast group, and target services that match return ...
  4. [4]
    WS-Discovery Specification Compliance - Win32 apps
    Jan 7, 2021 · This topic describes how WS-Discovery restrictions, requirements, and elective functionality are handled by the WSDAPI implementation.
  5. [5]
    WS-Discovery - Apache CXF
    WS-Discovery is a protocol to enable dynamic discovery of services available on the local network. By default, WS-Discovery uses a UDP based multicast transport ...Missing: applications | Show results with:applications
  6. [6]
    How does the device discovery work? | Schneider Electric USA
    Feb 11, 2016 · Windows explorer and Ecoreach use WS-Discovery protocol to find the connected devices. Web Services Dynamic Discovery (WS-Discovery) is a ...<|control11|><|separator|>
  7. [7]
    Additional WS-Discovery Functionality - Win32 apps | Microsoft Learn
    Jan 7, 2021 · The purpose of this topic is to describe the discovery functionality implemented by WSDAPI but not otherwise described in the DPWS or WS-Discovery ...
  8. [8]
    https://www.oasis-open.org/news/oasis-news-2008-08-21.php
  9. [9]
    OASIS Members Form New Committee to Enable Secure Web ...
    Aug 22, 2008 · The OASIS WS-DD Technical Committee will base its work on contributions of the WS-Discovery, SOAP-over-UDP (User Datagram Protocol), and ...Missing: process | Show results with:process
  10. [10]
    OASIS Web Services Discovery and Web Services Devices Profile ...
    The purpose of the Web Services Discovery and Web Services Devices Profile (WS-DD) Technical Committee (TC) is to define: A lightweight dynamic discovery ...
  11. [11]
    [PDF] Devices Profile for Web Services Version 1.1 - OASIS Open
    Jan 27, 2009 · OASIS Committee Draft 01, Web Services Dynamic Discovery (WS-Discovery), ... wd-01. 09/16/2008. Dan Driscoll. Converted input specification to ...
  12. [12]
    OASIS Web Services Discovery and Web Services Devices Profile ...
    Nov 28, 2016 · On May 7, 2009, the OASIS Web Services Discovery and Web Services Devices Profile (WS-DD) Technical Committee unanimously approved a ...
  13. [13]
    [PDF] wsdd-discovery-1.1-spec-os.pdf - OASIS Open
    Jul 1, 2009 · cd-01. 10/21/2008 Vipul Modi. Created first committee draft by from working draft 03. Removed all change bars. wd-04. 11/23/2008 Devon. Kemp.
  14. [14]
    OASIS Members Approve WS-DD Standards to Enable Secure Web ...
    Jul 20, 2009 · OASIS Members Approve WS-DD Standards to Enable Secure Web Service Discovery and Control of Networked Devices · Latest news · The work of OASIS is ...
  15. [15]
    [PDF] ONVIF Core Specification
    According to this specification, devices (service providers) are discovered using WS-Discovery [WS-Discovery] based techniques. The service discovery principles ...
  16. [16]
    Web Services on Devices for Printing (WS-Print) - Windows drivers
    Sep 24, 2024 · Web services on devices for printing (WS-Print) was introduced to provide a connection protocol for printing and scanning peripherals.
  17. [17]
    [PDF] ONVIF-Core-Specification-v211.pdf
    Jan 1, 2012 · The specification defines a core set of interface functions for configuration and operation of network devices by defining their server side ...
  18. [18]
    https://www.shadowserver.org/what-we-do/network-reporting/accessible-ws-discovery-service-report/
  19. [19]
    https://docs.oasis-open.org/ws-dd/discovery/1.1/os/wsdd-discovery-1.1-spec-os.html#iddiv1.1.3.3
  20. [20]
    https://docs.oasis-open.org/ws-dd/discovery/1.1/os/wsdd-discovery-1.1-spec-os.html#iddiv1.1.3.4
  21. [21]
    https://docs.oasis-open.org/ws-dd/discovery/1.1/os/wsdd-discovery-1.1-spec-os.html#iddiv1.1.3.5
  22. [22]
    https://docs.oasis-open.org/ws-dd/discovery/1.1/os/wsdd-discovery-1.1-spec-os.html#iddiv1.1.3
  23. [23]
    https://docs.oasis-open.org/ws-dd/discovery/1.1/os/wsdd-discovery-1.1-spec-os.html#iddiv2.9
  24. [24]
    https://docs.oasis-open.org/ws-dd/discovery/1.1/os/wsdd-discovery-1.1-spec-os.html#id3257484
  25. [25]
    https://docs.oasis-open.org/ws-dd/discovery/1.1/os/wsdd-discovery-1.1-spec-os.html#id3260135
  26. [26]
    https://docs.oasis-open.org/ws-dd/discovery/1.1/os/wsdd-discovery-1.1-spec-os.html#id2843091
  27. [27]
    https://docs.oasis-open.org/ws-dd/discovery/1.1/os/wsdd-discovery-1.1-spec-os.html#id2843357
  28. [28]
    https://docs.oasis-open.org/ws-dd/discovery/1.1/os/wsdd-discovery-1.1-spec-os.html#id2843623
  29. [29]
    WS-SecureConversation 1.3 - OASIS Open
    In the example above we have named a derived key so that other keys can be derived from it. To do this we use the <wsc:Properties> element name tag to ...
  30. [30]
    https://csrc.nist.gov/news/2022/nist-transitioning-away-from-sha-1-for-all-apps
  31. [31]
    https://docs.oasis-open.org/ws-sx/ws-secureconversation/v1.4/os/ws-secureconversation-1.4-spec-os.html