Web Services Security Technical Committee
OASIS Members Form Web Services Security Technical Committee
WS-Security Specification to Be Advanced by BEA Systems, Blockade Systems, Commerce One, divine, Documentum, Fujitsu, Intel, IBM, IONA, Microsoft, Novell, Oblix, OpenNetwork, Perficient, SAP, SeeBeyond, Sonic Software, Sun Microsystems, TIBCO, VeriSign, webMethods, XML Global, and Other OASIS Members
Boston, MA, USA. July 23, 2002.
The OASIS standards consortium has organized a new technical committee to advance the WS-Security specification. WS-Security provides a foundation for secure Web services, laying the groundwork for higher-level facilities such as federation, policy, and trust. Through the open OASIS process, providers and users will come together to extend the functionality of WS-Security, which was originally published by IBM, Microsoft, and Verisign.
The WS-Security specification defines a standard set of Simple Object Access Protocol (SOAP) extensions, or message headers, that can be used to implement integrity and confidentiality in Web services applications.
"WS-Security is one of the first Web services standards to support, integrate and unify multiple security models, mechanisms and technologies, allowing a variety of systems to interoperate in a platform- and language-neutral manner," said Chris Kaler of Microsoft. Kaler and Kelvin Lawrence of IBM serve as co-chairs of the OASIS Web Services Security Technical Committee.
"Significant work is happening at OASIS in the areas of security and Web services. We are excited by the overwhelming response from OASIS members ready to collaborate on WS-Security," added Lawrence.
BEA Systems, Blockade Systems, Commerce One, divine, Documentum, Fujitsu, Intel, IBM, IONA, Microsoft, Novell, Oblix, OpenNetwork, Perficient, SAP, SeeBeyond, Sonic Software, Sun Microsystems, TIBCO, VeriSign, webMethods, XML Global, and other OASIS members will collaborate on advancing the WS-Security specification. The first meeting of the technical committee will be held on 4-5 September 2002 and hosted by Sun Microsystems.
WS-Security joins several security standards currently being developed within OASIS. Other specifications include SAML for authentication and authorization, XACML for access control, XrML for rights management, SPML for exchanging provisioning information, and XCBF for describing biometrics data.
"WS-Security is complementary to our work on SAML," said Joe Pato of HP, co-chair of the OASIS Security Services Technical Committee. "In fact, our team intends to employ WS-Security to specify the use of SAML for adding security features to SOAP messages."
Participation in the OASIS Web Services Security Technical Committee remains open to all organizations and individuals. OASIS will host an open mail list for public comment on WS-Security, and completed work will be freely available to the public without licensing or other fees. Information on joining OASIS can be found at:
OASIS (http://www.oasis-open.org) is a not-for-profit, global consortium that drives the development, convergence and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. OASIS has more than 400 corporate and individual members in 100 countries around the world.
Industry Support for WS-Security at OASIS
"An open security standard is critical to being able to deliver on the promise of Web services, and as a long-standing member of OASIS, BEA is a strong supporter of this effort," said Edward Cobb, VP of Architecture and Standards, BEA Systems. "Secure interoperability of Web services is an important goal for everyone in the industry, and BEA will actively participate and help drive this critical work."
"Fujitsu welcomes the standardization of the Web Services Security within OASIS. As a leading provider of Internet-focused information technology solutions for the global marketplace, Fujitsu will commit to contribute in the new OASIS Web Services Security Technical Committee," said Seigo Hirosue, General Manager, Project-A XML, Fujitsu Limited. "Fujitsu's Interstage, the software platform for 'Collaborative Business Integration,' will support the future standard to realize secure B2B transactions.
"Web services standards are developing in a methodical, coordinated fashion that will ensure you'll be able to mix-and-match technologies to achieve your integration and business connection goals," said Bob Sutor, Director of e-business Standards Strategy at IBM. "WS-Security is a critical element of the Web services stack and an important step toward creating the comprehensive set of security standards that will accelerate the adoption of Web services by our customers and users around the world."
"The creation of interoperable security standards is necessary to solve the complex challenges facing customers who are integrating their applications and systems across the extended enterprise. Ensuring the security of these applications and systems is a key issue that must be addressed before the widespread adoption of Web services," said Nand Mulchandani, co-founder and CTO, Oblix. "We are excited to be a charter member of the OASIS Web Services Security Technical Committee, as we have always been on the forefront of implementing Web services in our enterprise identity management and Web access control solution, Oblix NetPoint. Our experience in implementing this technology at numerous enterprise customer sites will be a tremendous asset in assisting with the development of this important specification."
"The unification of existing security models is a key business and technology driver for widespread adoption of Web services technologies," said Andy Sweet, chief technology officer, Perficient, and OASIS technical committee member. "By leveraging the existing work completed by WS-Security, the OASIS Web Services Security Technical Committee will be able to deliver security standards that will drive unification and allow real interoperability between diverse enterprise systems. Perficient looks forward to participating in this important effort."
"Global Web security standards are imperative for the future success of widespread business-to-business integration, making WS-Security the premier Web services standard supporting several security models a necessity," said Alan Davies, vice president of Standards and Product Strategy for SeeBeyond. "SeeBeyond embraces the unique opportunity to work closely with the OASIS standards consortium, supporting the customer adoption of global Web security standards and the delivery of secure solutions to the market and our customers."
"Security has been one of the most critical barriers to Web services adoption to date, and Sonic Software is committed to developing security standards for Web services," said Greg O'Connor, president of Sonic Software. "We are pleased to offer Sonic's participation to the Technical Committee."
"We are encouraged to see Microsoft and IBM contributing their specification under royalty free terms to OASIS, which is a recognized industry standards body," said Bill Smith, Director of Liberty Alliance Technology at Sun Microsystems. "Sun welcomes this submission because it will now be possible for the community to evaluate and build upon this technology out in the open. We hope to see all Web service specifications made available under royalty free terms."
"WS Security is one of the first specifications that addresses the critical need to embed trust and security into the fabric of the Web services infrastructure," said Dr. Phillip Hallam-Baker, Principal Scientist, VeriSign. "Although protocols such as SOAP, UDDI and WSDL have received broad industry support, the technologies and standards to enable trusted Web services are still being developed. That's why organizations like OASIS are so important; they are going to play a leading role in laying a trusted foundation for Web services."
"Interoperable security is a key ingredient to making Enterprise Web Services viable. As one of the original authors of XKMS and SAML, webMethods has long been a thought leader in Web Services-related security standards," said Andy Astor, vice president of Enterprise Web Services for webMethods. "We're very pleased to be further developing these standards as a participant in the OASIS Web Services Security Technical Committee. We look forward to working closely with our colleagues from the other participating companies."
"Secure Web services are essential for use in real world systems today," said John McAughtry, president of XML Global. "Our existing OASIS work on ebXML messaging will contribute to this critical area of XML development."
For more information:
Prepared by Robin Cover for The XML Cover Pages archive. See "Web Services Security Specification (WS-Security)" and news item of 2002-07-23.