WS-security describes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality and single message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies.

WS-security also provides a general-purpose mechanism for associating security tokens with messages. No specific type of security token is required by WS-security. It is designed to be extensible (e.g. support multiple security token formats). For example, a client might provide proof of identity and proof that they have a particular business certification.