With the development of Web services application, some issues of Web services security are increasingly prominent. XML is widely used of its high expansibility as a platform-independent language. After analysis the traditional Web services security technology, this paper formulates the XML signature, as the basis of Web services security technology, and describes how to create and verify signature. An implementation of XML signature in the Web services security is illustrated in Java.