XML Europe 2002

Security Architecture for an Extended Enterprise Using Web Services

Abstract

Web Services will use the insecure Web for potentially mission-critical business transactions inside an extended enterprise, and they enable new short-lived, dynamic business relationships. Both facts make integrating security into Web Services a challenge for the security architecture of an extended enterprise. Any such security architecture must address authentication, authorization, confidentiality, integrity, and non-repudiation. To meet these requirements, several XML technologies have been developed, such as XML Signature, XML Encryption, SAML, XACML, and XKMS.

One part of the paper will describe a security architecture for external communication using Web Services and security standards such as SSL. Inside an extended enterprise there are extended enterprise roles, which have to be mapped to local roles inside a company. This mapping is performed by a Role Mapping unit using a developed infrastructure Web Service called the DRBAC Service (Distributed Role-Based Access Control).

The final part of the paper will show the implemented prototype, which was developed within the scope of the EC project FLoCI-EE (Flexible Low-Cost Internet Extended Enterprise).


The full paper was not available at the time the proceedings were created. Please check the conference web site, http://www.xmleurope.com, to find an updated version of this paper.

Biography

From 1993 to 1999: Studies at Vienna University of Technology, Faculty of Electrical Engineering and Information Technology. November 1999: Graduation in Computer Technology at Vienna University of Technology. Master Thesis: "Internet Electronic Data Interchange for Flexible Logistics at a Motors-factory". Since December 1999: Research Assistant at the Institute of Flexible Automation, Vienna University of Technology. Currently working on: Virtual/Extended Enterprise, J2EE, Web Services, Business Process Modeling.