WS-I Basic Security Profile 1.0 Final Material
WS-I Publishes Basic Security Profile 1.0
Adds Security to Interoperable Web Services
Wakefield, MA, USA. April 03, 2007.
The Web Services Interoperability Organization (WS-I: www.ws-i.org) today announced the publication of the WS-I Basic Security Profile (BSP) 1.0 as final material for public access. BSP 1.0 is an essential guide for ensuring secure, interoperable Web services. The WS-I Basic Security Profile 1.0 builds on the work already completed in WSI's Basic Profile 1.1. BSP1.0 is available from the WS-I Web site, at:
"Publishing the WS-I Basic Security Profile 1.0 is a major step toward achieving WS-I's objective of advancing interoperability for secure Web services," said Michael Bechauf, chairman and president of WS-I. "I congratulate the many WS-I members who have worked to make BSP 1.0 a reality."
WS-I is an open industry organization whose members promote Web services interoperability across platforms, operating systems and programming languages.
"An interoperability profile offers valuable guidance to product implementers and application developers regarding the interpretation of a specification," said Anne Thomas Manes, research director and vice president, Burton Group. "A specification typically supports a broad set of requirements and offers a variety of options and approaches, but these options can lead to misinterpretation and result in interoperability challenges. An interoperability profile constrains the options and makes communication easier."
The WS-I Board approved BSP 1.0 after receiving confirmation that five members demonstrated interoperability: IBM, Microsoft, Novell, Oracle, and SAP. Supporting statements from these companies are attached below. Following Board approval, the document was submitted to WSI's membership, who voted to approve BSP 1.0.
"Security is a concern to any organization operating in the Web services sphere," said Paul Cotton, Chair of the BSP Working Group. "The WS-I Basic Security Profile 1.0 provides a strong foundation for the development of secure, yet interoperable Web services. We in the Working Group are now working on BSP 1.1, which builds upon that strong foundation."
About the Basic Security Profile
The WS-I Basic Security Profile is an interoperability profile that addresses transport security, SOAP messaging security and other security considerations for WS-I's Basic Profile 1.1, Simple SOAP Binding Profile 1.0 and Attachments Profile 1.0, which are available in final form at:
Specifically, the BSP1.0 focuses on the interoperability characteristics of two technologies: HTTP over TLS and Web Services Security: SOAP Message Security. HTTP over TLS is a point-to-point technology that protects the confidentiality of all information that flows over an HTTP connection. Web Services Security: SOAP Message Security provides security protection for SOAP messages and applies even when a message passes through several intermediary waypoints, allowing differing levels of protection for selected portions of a message.
The BSP1.0 describes a way to apply SOAP Message Security to attachments. The BSP1.0 also incorporates Web Services Security: Username Token Profile, Web Services Security: X.509 Certificate Token Profile, Web Services Security: Kerberos Token Profile, Web Services Security: SAML Token Profile and Web Services Security: XRML Token Profile.
WS-I is an open, industry organization chartered to promote Web services interoperability across platforms, operating systems, and programming languages. The organization unites a diverse community of Web services companies to provide guidance, recommended practices and supporting resources for developing interoperable Web services. For more information, visit www.ws-i.org or email firstname.lastname@example.org.
"Security is very important to our customers as they develop and deploy Web services based solutions. The WS-I profiles are essential to ensuring that the combinations of these standards are implemented consistently," said Karla Norsworthy, Vice President, IBM Software Standards. "Our implementations of these profiles in IBM software products give customers the needed functionality and the assurance their solutions will work in a heterogeneous environment."
"Microsoft is pleased with the Web services interoperability that WS-I Basic Security Profile (BSP) 1.0 offers to the industry," said Jorgen Thelin, Senior Program Manager for Interoperability Standards, Connected Systems Division at Microsoft, and WS-I Board member. "The completion of BSP 1.0 will help drive the continuing adoption of OASIS WS-Security 1.0 and reinforce the integrity and confidentiality in Web services messaging."
"Novell is pleased to have participated in demonstrating the interoperability of the WS-I Basic Security Profile 1.0. We believe this profile will significantly advance the development of secure Web Services," said Vijay Rajan, Software Engineer Consultant, Novell.
"With the increasing popularity of service-oriented architectures, it is critical for organizations to ensure their Web services are secure," said Prateek Mishra, director, Security Standards, Oracle. "We are pleased that the WS-I Basic Security Profile and its interoperability tests have been finalized, as they underscore Oracle's commitment to making it easier for organizations to implement and secure their service-oriented architectures across heterogeneous environments."
"The secure interoperation of Web Services is essential for a service-oriented architecture," said David Burdett, SAP Board member for WS-I. "The successful conclusion of interoperability tests carried out prior to declaring the Basic Secure Profile 1.0 as final material demonstrates SAP's commitment to building an open, standards-based platform with SAP NetWeaver."
Contact for More Information
Ruth Cassidy, Virtual, Inc.
Tel: + 781-876-6239
Prepared by Robin Cover for The XML Cover Pages archive. See additional information at: (1) "WS-I Basic Security Profile Version 1.0 Published as Final Material"; (2) "Web Services Interoperability Organization (WS-I)."