Web Services Security TC Call For Participation

From:      "Karl F. Best" <karl.best@oasis-open.org> 
To:        tc-announce@lists.oasis-open.org,xml-dev@lists.xml.org, wss@lists.oasis-open.org 
Date:      Tue, 09 Jul 2002 15:51:11 -0400

A new OASIS technical committee is being formed. The OASIS Web Services Security Technical Committee has been proposed by the following members of OASIS: Irving Reid, Baltimore Technologies; David Orchard, BEA Systems; Krishna Sankar, Cisco Systems; Sam Wei, Documentum; Tim Moses, Entrust; Joel Munter, Intel; Kelvin Lawrence, IBM; Igor Balabine, IONA; Chris Kaler, Microsoft; Prateek Mishra, Netegrity; Ed Reed, Novell; Nand Mulchandani, Oblix; Adrien Ranson, OpenNetwork; Sarah Kent, RSA; Sachar Paulus, SAP; Bill Smith, Sun Microsystems; Jan Alexander, Systinet; and Phillip Hallam-Baker, VeriSign.

The proposal for a new TC meets the requirements of the OASIS TC Process (see http://oasis-open.org/committees/process.shtml), and is appended to this message. The proposal, which includes a statement of purpose, list of deliverables, and proposed schedule, will constitute the TC's charter. The TC Process allows these items to be clarified (revised) by the TC members; such clarifications (revisions), as well as submissions of technology for consideration by the TC and the beginning of technical discussions, may occur no sooner than the TC's first meeting.

To become a member of this new TC you must 1) be an employee of an OASIS member organization or an Individual member of OASIS; 2) notify the TC co-chairs, Kelvin Lawrence (klawrenc@us.ibm.com) and Chris Kaler (ckaler@microsoft.com) of your intent to participate at least 15 days prior to the first meeting; and 3) attend the first meeting on 4-5 September. You should also subscribe to the TC's mail list. Note that membership in OASIS TCs is by individual, and not by organization. You must be eligible for participation at the time you time you notify the chair.

The private mail list wss@lists.oasis-open.org is for committee discussions. TC members as well as any other interested OASIS members should subscribe to the list by going to the mail list web page at http://lists.oasis-open.org/ob/adm.pl, or by sending a message to wss-request@lists.oasis-open.org with the word "subscribe" as the body of the message. (Note that subscribing to the mail list does not make you a member of the TC; to become a member you must contact the TC chair and attend the first meeting as described in the preceeding paragraph.)

A public comment list wss-comment@lists.oasis-open.org will be available for the public to make comments on the work of this TC; the public may subscribe to this list by going to the mail list web page at http://lists.oasis-open.org/ob/adm.pl, or by sending a message to wss-comment-request@lists.oasis-open.org with the word "subscribe" as the body of the message.

The archives of both of these mail lists are visible to the public at http://lists.oasis-open.org/archives/

</karl>
Karl F. Best
OASIS - Director, Technical Operations
+1 978.667.5115 x206
karl.best@oasis-open.org  http://www.oasis-open.org

Web Services Security Technical Committee Proposal

Name of the TC

OASIS Web Services Security Technical Committee (WSS)

Statement of Purpose

The purpose of the Web Services Security TC (WSS) is to continue work on the Web services security foundations published in the WS-Security specification [1] and under the context of the Web Services Security roadmap published in April, 2002 [2]. WS-Security forms the necessary technical foundation for higher-level security services including Federation, also within the context of the Web Services Security roadmap.

The Technical Committee will take advantage of the OASIS provided services for such things as e-mail lists and archives, and also web pages for tracking progress. E-mail archives will be visible to the public.

Relationship to Existing Activities

Many efforts related to Web services security and related technologies are underway throughout the industry. The following work may be relevant to this Web Services Security TC:

OASIS Access Control TC (XACML)
OASIS XML Common Biometric Format TC (XCBF)
OASIS Provisioning TC (PSTC)
OASIS Rights Language TC (XrML)
OASIS Security Services TC (SAML)
W3C XML Signature
W3C XML Encryption
W3C XML Key Management

Technical Committee Deliverables

The scope of the Web Services Security Technical Committee is the support of security mechanisms in the following areas:

a. Using XML signature to provide SOAP message integrity for Web services

b. Using XML encryption to provide SOAP message confidentiality for Web services

c. Attaching and/or referencing security tokens in headers of SOAP messages

d. Carrying security information for potentially multiple, designated actors

e. Associating signatures with security tokens

f. Representing specific forms of binary security tokens as defined in WS-Security specification.

Each of the security mechanisms will use implementation and language neutral XML formats defined in XML Schema.

The OASIS Web Services Security TC will:

1. Accept as input the Web Services Security (WS-Security) specification published by IBM, Microsoft, and VeriSign on April 11th 2002 [1].

2. Produce as output a specification for Web Services Security. This specification will reflect refinements and changes made to the submitted version of WS-Security that are identified by the WSS TC members for additional functionality within the scope of the TC charter.

3. Liaise and/or forge relationships with other Web services efforts to assist in leveraging WS-Security as a part of their specifications or solutions.

4. Coordinate with the chairs of the other OASIS security related groups via the Security Joint Coordination Committee.

5. Oversee ongoing maintenance and errata of the WS-Security specification.

Language in Which the TC will Conduct Business

English

Date and Time of the First Meeting

The first meeting will be held in person on September, 4-5, 2002 in San Francisco, CA (USA). The meeting will start at 10:00 am, PDT on September 4 and adjourn at 5:00 pm PDT on September 5.

Meeting Schedule for the First Year

The Web Services Security TC will meet via weekly conference call, and will hold quarterly face-to-face meetings on a schedule determined by the Web Services Security TC members. The phone call sponsors will be determined at the initial meeting.

Support

Names, Affiliation, and Electronic Mail Addresses of members who support the formation of this TC and are committed to the Meeting Schedule and Purpose:

Irving Reid, Baltimore Technologies, irving.reid@baltimore.com
David Orchard, BEA Systems, dorchard@bea.com
Krishna Sankar, Cisco Systems, ksankar@cisco.com
Sam Wei, Documentum, swei@documentum.com
Tim Moses, Entrust, tim.moses@entrust.com
Joel Munter, Intel, joel.d.munter@intel.com
Kelvin Lawrence, IBM, klawrenc@us.ibm.com
Igor Balabine, IONA, IBalabine@iona.com
Chris Kaler, Microsoft, ckaler@microsoft.com
Prateek Mishra, Netegrity, pmishra@netegrity.com
Ed Reed, Novell, EReed@novell.com
Nand Mulchandani, Oblix, nand@oblix.com
Adrien Ranson, OpenNetwork, aransom@opennetwork.com
Sarah Kent, RSA, skent@rsasecurity.com
Sachar Paulus, SAP, sachar.paulus@sap.com
Bill Smith, Sun Microsystems, bill.smith@sun.com
Jan Alexander, Systinet, alex@systinet.com
Phillip Hallam-Baker, VeriSign, pbaker@verisign.com

Chairs

The Web Services Security TC Co-Chairs will be Kelvin Lawrence (IBM) and Chris Kaler (Microsoft).

Meeting Sponsors

Bill Smith, Sun Microsystems will sponsor the first TC meeting. Sponsorship of subsequent TC meetings, whether in person or conference calls, will be determined by the TC membership.

References

[1] WS-Security Specification

http://www-106.ibm.com/developerworks/library/ws-secure/

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/html/ws-security.asp

http://www.verisign.com/wss/wss.pdf

[2] Web Services Security Roadmap

http://www-106.ibm.com/developerworks/library/ws-secmap/

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwssecur/html/securitywhitepaper.asp

http://www.verisign.com/wss/architectureRoadmap.pdf

Prepared by Robin Cover for The XML Cover Pages archive. See "Web Services Security Specification (WS-Security)" and news item of 2002-07-23.

SEARCH Advanced Search ABOUT Site Map CP RSS Channel Contact Us Sponsoring CP About Our Sponsors NEWS Cover Stories Articles & Papers Press Releases CORE STANDARDS XML SGML Schemas XSL/XSLT/XPath XLink XML Query CSS SVG TECHNOLOGY REPORTS XML Applications General Apps Government Apps Academic Apps EVENTS LIBRARY Introductions FAQs Bibliography Technology and Society Semantics Tech Topics Software Related Standards Historic	Web Services Security TC Call For Participation From: "Karl F. Best" <karl.best@oasis-open.org> To: tc-announce@lists.oasis-open.org,xml-dev@lists.xml.org, wss@lists.oasis-open.org Date: Tue, 09 Jul 2002 15:51:11 -0400 A new OASIS technical committee is being formed. The OASIS Web Services Security Technical Committee has been proposed by the following members of OASIS: Irving Reid, Baltimore Technologies; David Orchard, BEA Systems; Krishna Sankar, Cisco Systems; Sam Wei, Documentum; Tim Moses, Entrust; Joel Munter, Intel; Kelvin Lawrence, IBM; Igor Balabine, IONA; Chris Kaler, Microsoft; Prateek Mishra, Netegrity; Ed Reed, Novell; Nand Mulchandani, Oblix; Adrien Ranson, OpenNetwork; Sarah Kent, RSA; Sachar Paulus, SAP; Bill Smith, Sun Microsystems; Jan Alexander, Systinet; and Phillip Hallam-Baker, VeriSign. The proposal for a new TC meets the requirements of the OASIS TC Process (see http://oasis-open.org/committees/process.shtml), and is appended to this message. The proposal, which includes a statement of purpose, list of deliverables, and proposed schedule, will constitute the TC's charter. The TC Process allows these items to be clarified (revised) by the TC members; such clarifications (revisions), as well as submissions of technology for consideration by the TC and the beginning of technical discussions, may occur no sooner than the TC's first meeting. To become a member of this new TC you must 1) be an employee of an OASIS member organization or an Individual member of OASIS; 2) notify the TC co-chairs, Kelvin Lawrence (klawrenc@us.ibm.com) and Chris Kaler (ckaler@microsoft.com) of your intent to participate at least 15 days prior to the first meeting; and 3) attend the first meeting on 4-5 September. You should also subscribe to the TC's mail list. Note that membership in OASIS TCs is by individual, and not by organization. You must be eligible for participation at the time you time you notify the chair. The private mail list wss@lists.oasis-open.org is for committee discussions. TC members as well as any other interested OASIS members should subscribe to the list by going to the mail list web page at http://lists.oasis-open.org/ob/adm.pl, or by sending a message to wss-request@lists.oasis-open.org with the word "subscribe" as the body of the message. (Note that subscribing to the mail list does not make you a member of the TC; to become a member you must contact the TC chair and attend the first meeting as described in the preceeding paragraph.) A public comment list wss-comment@lists.oasis-open.org will be available for the public to make comments on the work of this TC; the public may subscribe to this list by going to the mail list web page at http://lists.oasis-open.org/ob/adm.pl, or by sending a message to wss-comment-request@lists.oasis-open.org with the word "subscribe" as the body of the message. The archives of both of these mail lists are visible to the public at http://lists.oasis-open.org/archives/ </karl> Karl F. Best OASIS - Director, Technical Operations +1 978.667.5115 x206 karl.best@oasis-open.org http://www.oasis-open.org Web Services Security Technical Committee Proposal Name of the TC OASIS Web Services Security Technical Committee (WSS) Statement of Purpose The purpose of the Web Services Security TC (WSS) is to continue work on the Web services security foundations published in the WS-Security specification [1] and under the context of the Web Services Security roadmap published in April, 2002 [2]. WS-Security forms the necessary technical foundation for higher-level security services including Federation, also within the context of the Web Services Security roadmap. The Technical Committee will take advantage of the OASIS provided services for such things as e-mail lists and archives, and also web pages for tracking progress. E-mail archives will be visible to the public. Relationship to Existing Activities Many efforts related to Web services security and related technologies are underway throughout the industry. The following work may be relevant to this Web Services Security TC: OASIS Access Control TC (XACML) OASIS XML Common Biometric Format TC (XCBF) OASIS Provisioning TC (PSTC) OASIS Rights Language TC (XrML) OASIS Security Services TC (SAML) W3C XML Signature W3C XML Encryption W3C XML Key Management Technical Committee Deliverables The scope of the Web Services Security Technical Committee is the support of security mechanisms in the following areas: a. Using XML signature to provide SOAP message integrity for Web services b. Using XML encryption to provide SOAP message confidentiality for Web services c. Attaching and/or referencing security tokens in headers of SOAP messages d. Carrying security information for potentially multiple, designated actors e. Associating signatures with security tokens f. Representing specific forms of binary security tokens as defined in WS-Security specification. Each of the security mechanisms will use implementation and language neutral XML formats defined in XML Schema. The OASIS Web Services Security TC will: 1. Accept as input the Web Services Security (WS-Security) specification published by IBM, Microsoft, and VeriSign on April 11th 2002 [1]. 2. Produce as output a specification for Web Services Security. This specification will reflect refinements and changes made to the submitted version of WS-Security that are identified by the WSS TC members for additional functionality within the scope of the TC charter. 3. Liaise and/or forge relationships with other Web services efforts to assist in leveraging WS-Security as a part of their specifications or solutions. 4. Coordinate with the chairs of the other OASIS security related groups via the Security Joint Coordination Committee. 5. Oversee ongoing maintenance and errata of the WS-Security specification. Language in Which the TC will Conduct Business English Date and Time of the First Meeting The first meeting will be held in person on September, 4-5, 2002 in San Francisco, CA (USA). The meeting will start at 10:00 am, PDT on September 4 and adjourn at 5:00 pm PDT on September 5. Meeting Schedule for the First Year The Web Services Security TC will meet via weekly conference call, and will hold quarterly face-to-face meetings on a schedule determined by the Web Services Security TC members. The phone call sponsors will be determined at the initial meeting. Support Names, Affiliation, and Electronic Mail Addresses of members who support the formation of this TC and are committed to the Meeting Schedule and Purpose: Irving Reid, Baltimore Technologies, irving.reid@baltimore.com David Orchard, BEA Systems, dorchard@bea.com Krishna Sankar, Cisco Systems, ksankar@cisco.com Sam Wei, Documentum, swei@documentum.com Tim Moses, Entrust, tim.moses@entrust.com Joel Munter, Intel, joel.d.munter@intel.com Kelvin Lawrence, IBM, klawrenc@us.ibm.com Igor Balabine, IONA, IBalabine@iona.com Chris Kaler, Microsoft, ckaler@microsoft.com Prateek Mishra, Netegrity, pmishra@netegrity.com Ed Reed, Novell, EReed@novell.com Nand Mulchandani, Oblix, nand@oblix.com Adrien Ranson, OpenNetwork, aransom@opennetwork.com Sarah Kent, RSA, skent@rsasecurity.com Sachar Paulus, SAP, sachar.paulus@sap.com Bill Smith, Sun Microsystems, bill.smith@sun.com Jan Alexander, Systinet, alex@systinet.com Phillip Hallam-Baker, VeriSign, pbaker@verisign.com Chairs The Web Services Security TC Co-Chairs will be Kelvin Lawrence (IBM) and Chris Kaler (Microsoft). Meeting Sponsors Bill Smith, Sun Microsystems will sponsor the first TC meeting. Sponsorship of subsequent TC meetings, whether in person or conference calls, will be determined by the TC membership. References [1] WS-Security Specification http://www-106.ibm.com/developerworks/library/ws-secure/ http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/html/ws-security.asp http://www.verisign.com/wss/wss.pdf [2] Web Services Security Roadmap http://www-106.ibm.com/developerworks/library/ws-secmap/ http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwssecur/html/securitywhitepaper.asp http://www.verisign.com/wss/architectureRoadmap.pdf Prepared by Robin Cover for The XML Cover Pages archive. See "Web Services Security Specification (WS-Security)" and news item of 2002-07-23.