Web Service Binding is a set of features that the communications layer is assumed to have. These features are often required by more sophisticated protection mechanisms like the token passing flows. They often address basic and well known threats like replay, unauthorized, and man-in-the middle attacks in basic way while other mechanisms may address the same topics comprehensively, but in a more expensive way. Many of these features may seem selfevident, but we need to list them even if just to state the obvious.
Mutual authentication of the communicating entities MUST be possible. Usually this is done using transport layer digital certificates, but other approaches are possible.
Link confidentiality MUST be possible, usually using transport layer encryption.
Correlation
Request-Response Correlation
Business Process identification in correlation
Redirection support for flexibility
Recredentialing support (Req. D1.2-3.9-BPRecover)
Asynchronous support SHOULD be implemented (this will be addressed in a future version of this document)
Interaction Callback (or Exception Request)
Interaction Redirect (Req. D1.2-3.9-BPRecover)
Interaction Service (Req. D1.2-3.9-BPRecover)
Digital signing of messages for nonrepudiation (Reqs. D1.2-2.11-Transp, D1.2-2.15-Resp, D1.2-4.4-CourtProof)
Conveyance of Invoker and Target Identities, if web service uses identity.