The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
SEARCH | ABOUT | INDEX | NEWS | CORE STANDARDS | TECHNOLOGY REPORTS | EVENTS | LIBRARY
SEARCH
Advanced Search
ABOUT
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

NEWS
Cover Stories
Articles & Papers
Press Releases

CORE STANDARDS
XML
SGML
Schemas
XSL/XSLT/XPath
XLink
XML Query
CSS
SVG

TECHNOLOGY REPORTS
XML Applications
General Apps
Government Apps
Academic Apps

EVENTS
LIBRARY
Introductions
FAQs
Bibliography
Technology and Society
Semantics
Tech Topics
Software
Related Standards
Historic
Created: August 13, 2004.
News: Cover StoriesPrevious News ItemNext News Item

OASIS Web Services Security TC Prepares Additional WSS Profiles.

Members of the OASIS Web Services Security Technical Committee are completing new work in the form of WSS profile specifications. The five profiles under development and review will complement the documents published as WSS 1.0 in April 2004.

The OASIS Web Services Security (WSS) specification is an approved OASIS Standard that "builds upon existing security technologies such as XML Digital Signature, XML Encryption and X.509 Certificates to deliver an industry standard way of securing Web services message exchanges. Providing a framework within which authentication and authorization take place, WSS lets user apply existing security technology and infrastructure in a Web services environment. WSS handles complex confidentiality and integrity for SOAP (Simple Object Access Protocol) messages, providing a general-purpose mechanism for associating security tokens with message content. Designed to be extensible, WSS supports multiple security token formats."

The WSS SAML Token Profile approved as an OASIS Committee Draft in July 2004 describes how to use Security Assertion Markup Language (SAML) Version 1.1 assertions with the Web Services Security (WSS): SOAP Message Security specification. It defines how SAML assertions are carried in and referenced from <wsse:security> headers and describes how SAML assertions are used with XML Signature to bind the statements of the assertions (i.e., the claims) to a SOAP message.

The Rights Expression Language (REL) Token Profile is a Committee Draft which describes the use of ISO/IEC 21000-5 Rights Expressions with respect to the SOAP Message Security 1.0 specification.

SOAP Messages with Attachments (SwA) Profile 1.0 is an OASIS TC Working Draft which defines how to use the OASIS Web Services Security: SOAP Message Security standard with SOAP Messages with Attachments (SwA). It "describes how a web service consumer can secure SOAP attachments using SOAP Message Security for attachment integrity, confidentiality and origin authentication, and how a receiver may process such a message."

The Kerberos Token Profile 1.0 Working Draft document "defines how to encode Kerberos tickets and attach them to SOAP messages. It also specifies how to add signatures and encryption to the SOAP message, in accordance with WS-Security, which uses and references the Kerberos tokens."

The WSS TC's Minimalist Profile (MProf) "defines a subset of OASIS WSS: SOAP Message Security features. The subset is "intended to minimize the resource requirements of its implementation and maximize the performance, while keeping the interoperability with the base specification."

Bibliographic Information


Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation

Primeton

XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Bottom Globe Image

Document URI: http://xml.coverpages.org/ni2004-08-13-a.html  —  Legal stuff
Robin Cover, Editor: robin@oasis-open.org