Advanced Specifications for Web Services Security
BEA, IBM, Microsoft, RSA Security, SAP and VeriSign Deliver Advanced Specifications to Help Meet Security and Business Policy Needs of Companies Building and Implementing Web Services
New Group of Specifications to Build on Industry Work for Web Services
Redmond, Washington and Armonk, NY, USA. December 18, 2002.
Microsoft Corp. and IBM Corp., along with BEA Systems Inc., RSA Security Inc., SAP AG and VeriSign Inc., today announced the publication of a new set of advanced Web services specifications to help businesses share information securely between applications and organizations in a standard way.
Using broadly accepted standards and specifications around Simple Object Access Protocol (SOAP), security, transactions and discovery, the new specifications represent the next step in delivering a comprehensive model of advanced Web services capabilities that integrate currently available technologies with the evolving requirements of emerging applications.
IBM, Microsoft and industry partners are now delivering against a previously announced road map with six new specifications. Providing a framework that is extensible and flexible and maximizes existing investments in a Web services infrastructure, these new specifications make it easier to apply business policy and implement security for a wider range of applications.
The specifications fall into two key groups. The first helps address key technical concerns in the area of security and build on the work outlined in Microsoft and IBM's co-authored road map, "Security in a Web Services World."
In the first group:
WS-Trust describes a framework for managing, establishing and assessing trust relationships to enable Web services to securely interoperate. Authors: IBM, Microsoft, RSA Security and VeriSign.
WS-SecureConversation describes a framework to establish a secure context for parties that want to exchange multiple messages. Authors: IBM, Microsoft, RSA Security and VeriSign.
WS-SecurityPolicy describes general security policies that can be associated with a service. Authors: IBM, Microsoft, RSA Security and VeriSign.
The second group focuses on streamlining the implementation of business policies in a Web services environment:
WS-Policy outlines a way for senders and receivers of Web services to communicate their requirements and capabilities, which enables them to search for and discover the information they need to access the service. Authors: BEA, IBM, Microsoft, and SAP.
WS-PolicyAttachment provides a standard mechanism for attaching the requirement and capability statements to the Web service. Authors: BEA, IBM, Microsoft, and SAP.
WS-PolicyAssertions describes general policies that can be affiliated with a service. Authors: BEA, IBM, Microsoft, and SAP.
Founded in 1975, Microsoft (Nasdaq "MSFT") is the worldwide leader in software, services and Internet technologies for personal and business computing. The company offers a wide range of products and services designed to empower people through great software -- any time, any place and on any device.
Prepared by Robin Cover for The XML Cover Pages archive. See other references in the 2002-12-18 news item: "Microsoft and IBM Publish Six New Web Services Security and Policy Specifications."
Update 2007-11-20: In November 2007, W3C announced the publication of Web Services Policy 1.5 - Primer and Web Services Policy 1.5 - Guidelines for Policy Assertion Authors as key deliverables supporting the W3C Recommendations Web Services Policy 1.5 - Framework and Web Services Policy 1.5 - Attachment. WS-Policy defines a general policy framework for expressing Web service capabilities and requirements, including a policy data model, processing model (for combining/comparing Web service capabilities), and XML Information Set representation for the policy data model.