WS-I Basic Security Profile (BSP) 1.1 Final Material
WS-I Reaches Significant Milestone with Publication of Basic Security Profile 1.1
Profile Is Guide to Enhanced Security in Deployment of Interoperable Web Services
Wakefield, MA, USA. March 23, 2010.
The Web Services Interoperability Organization (WS-I: http://www.ws-i.org) today announced the publication of the WS-I Basic Security Profile (BSP) 1.1 as final material for public access. BSP 1.1 is available at no charge from the WS-I Web site, at:
WS-I is an open industry organization chartered to establish and document Best Practices for Web Services interoperability. The WS-I Basic Security Profile is an essential guide for ensuring secure, interoperable Web services, based on a set of non-proprietary Web services specifications, along with clarifications and amendments to those specifications that promote interoperability. BSP 1.1 integrates OASIS Web Services Security (WS-Security) 1.1 key encryption and signature features that can improve interoperability of practical secure technologies used in current Web services applications.
"The Basic Security Profile 1.1 is an important update to WS-I's efforts to advance interoperability and security for Web services," said David Burdett, Chair, WS-I Board of Directors. "Our thanks go to the WS-I BSP Working Group members who have so successfully collaborated to produce BSP 1.1."
Specifically, BSP 1.1 targets transport and SOAP message security, and Basic Profile-specific security considerations of Web Services. BSP 1.1 focuses on Web Services Message Security and HTTP over Transport Level Security (TLS). Building on BSP 1.0, BSP 1.1 is based on the key security usage scenarios and requirements identified in WS-I's Security Challenges document:
BSP 1.1 constrains the use of several common security tokens based on the OASIS Web Services Security (WS-Security) 1.1 and its token profiles. Security tokens profiled include Kerberos, X.509, SAML and Username token.
"The WS-I Basic Security Profile 1.1 builds upon the strong foundation in BSP 1.0 and extends it to cover core security scenarios in WS-Security 1.1," said Paul Cotton, Chair of the BSP Working Group. "We believe security is a top priority for Web services and are pleased with the work we've been able to achieve to provide solid secure, interoperable Web services for implementers and consumers."
Concluding a six-month testing effort, six WS-I member companies — Intel, IBM, Layer 7, Microsoft, Oracle and SAP AG — successfully interoperated using BSP 1.1 and contributed to profile enhancements based on their results. The scenarios and test tools are publicly available at http://www.ws-i.org/deliverables/workinggroup.aspx?wg=testingtools for third-party Web services applications to test security interoperability.
The WS-I Board approved BSP 1.1 after receiving confirmation that the members' interoperability tests were successfully concluded. Following the Board's positive ballot, the document was submitted to WS-I's membership, who voted to approve publication of BSP 1.1.
Among the WS-I member companies whose representatives participated in developing BSP 1.1 were BMC Software, Inc.; Hitachi, Ltd.; HP; IBM; Layer 7 Technologies; Microsoft Corporation; Nokia; Oracle; and SAP.
The Web Services Interoperability Organization (WS-I) is an open industry organization chartered to establish Best Practices for Web Services interoperability, for selected groups of Web Services standards, across platforms, operating systems and programming languages.
WS-I comprises a diverse community of Web Services leaders from a wide range of companies and standards development organizations (SDOs). The WS-I committees and working groups create Profiles and supporting Testing Tools based on Best Practices for selected sets of Web Services standards. The Profiles and Testing Tools are available for use by the Web Services community to aid in developing and deploying interoperable Web Services. For more information, visit http://www.ws-i.org or send email to firstname.lastname@example.org.
[Source PDF for the announcement.]