WS-I Final Material: Security Challenges, Threats and Countermeasures

WS-I Promotes Security Document to Final Material Status

'Security Challenges, Threats and Countermeasures' Approved by Membership

San Francisco, California, USA. May 16, 2005.

The Web Services Interoperability Organization (WS-I) today announced the publication of its "Security Challenges, Threats and Countermeasures" document (SCTC) as Final Material. The Final Material designation is applied to those deliverables that have been formally approved by the WS-I member community. Developed by the WS-I Basic Security Profile Working Group, the SCTC identifies security challenges and threats in building interoperable Web services and countermeasures for these risks. The document is available for download at www.ws-i.org.

"Security has been identified as one of the most important challenges to interoperable Web services," said Tom Glover, WS-I Chairman. "The publication of WS-I's 'Security Challenges, Threats and Countermeasures' document as Final Material will enable Web services architects and developers to minimize risk while focusing on interoperability."

Security Challenges, Threats and Countermeasures

The Final Material document describes several security challenges, threats and countermeasures in building interoperable Web services, as well as usage scenarios and solutions, including:

Challenges: describes several security challenges, including ensuring data integrity, data confidentiality and message uniqueness
Threats: outlines 10 threats on these challenges, such as message alteration, falsified messages, message replay and denial of service attacks
Countermeasures: recommends how technologies like HTTPS and OASIS Web Services Security (WS-Security): SOAP Message Security 1.0 can be used to counter some of these threats
Usage Scenarios and Solutions: describes how these technologies can be used with the Message Exchange Patterns (MEPs) that have been used in WS-I deliverables such as the Basic Profile 1.0 Sample Applications

The WS-I Basic Security Profile Working Group has also been at work on the Basic Security Profile (BSP), which is expected to be published as Final Material this Summer. The BSP is an interoperability profile involving transport security, SOAP messaging security and other security considerations implicated by the Basic Profile. The Basic Security Profile is intended to compose with other WS-I profiles and will reference existing specifications used to provide security, including the WS-Security 1.0 OASIS Standard, and provide clarifications and guidance designed to promote interoperability of those specifications.

About WS-I

WS-I is an open industry organization committed to promoting consistent and reliable interoperability among Web services across platforms, applications and programming languages. The organization unites a diverse community of Web services companies to provide guidance, recommended practices and supporting resources for developing interoperable Web services. For more information, please visit http://www.ws-i.org or e-mail info@ws-i.org.

Public Relations Contact

Christian Danella
Prequent, Inc. (for WS-I)
Tel: +1 (415) 441-6639
Email: christian@prequent.com

[Source: http://www.ws-i.org/docs/press/20050516wsipr.htm]

Prepared by Robin Cover for The XML Cover Pages archive. General references in "Web Services Interoperability Organization (WS-I)."

SEARCH Advanced Search ABOUT Site Map CP RSS Channel Contact Us Sponsoring CP About Our Sponsors NEWS Cover Stories Articles & Papers Press Releases CORE STANDARDS XML SGML Schemas XSL/XSLT/XPath XLink XML Query CSS SVG TECHNOLOGY REPORTS XML Applications General Apps Government Apps Academic Apps EVENTS LIBRARY Introductions FAQs Bibliography Technology and Society Semantics Tech Topics Software Related Standards Historic	WS-I Final Material: Security Challenges, Threats and Countermeasures WS-I Promotes Security Document to Final Material Status 'Security Challenges, Threats and Countermeasures' Approved by Membership San Francisco, California, USA. May 16, 2005. The Web Services Interoperability Organization (WS-I) today announced the publication of its "Security Challenges, Threats and Countermeasures" document (SCTC) as Final Material. The Final Material designation is applied to those deliverables that have been formally approved by the WS-I member community. Developed by the WS-I Basic Security Profile Working Group, the SCTC identifies security challenges and threats in building interoperable Web services and countermeasures for these risks. The document is available for download at www.ws-i.org. "Security has been identified as one of the most important challenges to interoperable Web services," said Tom Glover, WS-I Chairman. "The publication of WS-I's 'Security Challenges, Threats and Countermeasures' document as Final Material will enable Web services architects and developers to minimize risk while focusing on interoperability." Security Challenges, Threats and Countermeasures The Final Material document describes several security challenges, threats and countermeasures in building interoperable Web services, as well as usage scenarios and solutions, including: Challenges: describes several security challenges, including ensuring data integrity, data confidentiality and message uniqueness Threats: outlines 10 threats on these challenges, such as message alteration, falsified messages, message replay and denial of service attacks Countermeasures: recommends how technologies like HTTPS and OASIS Web Services Security (WS-Security): SOAP Message Security 1.0 can be used to counter some of these threats Usage Scenarios and Solutions: describes how these technologies can be used with the Message Exchange Patterns (MEPs) that have been used in WS-I deliverables such as the Basic Profile 1.0 Sample Applications The WS-I Basic Security Profile Working Group has also been at work on the Basic Security Profile (BSP), which is expected to be published as Final Material this Summer. The BSP is an interoperability profile involving transport security, SOAP messaging security and other security considerations implicated by the Basic Profile. The Basic Security Profile is intended to compose with other WS-I profiles and will reference existing specifications used to provide security, including the WS-Security 1.0 OASIS Standard, and provide clarifications and guidance designed to promote interoperability of those specifications. About WS-I WS-I is an open industry organization committed to promoting consistent and reliable interoperability among Web services across platforms, applications and programming languages. The organization unites a diverse community of Web services companies to provide guidance, recommended practices and supporting resources for developing interoperable Web services. For more information, please visit http://www.ws-i.org or e-mail info@ws-i.org. Public Relations Contact Christian Danella Prequent, Inc. (for WS-I) Tel: +1 (415) 441-6639 Email: christian@prequent.com [Source: http://www.ws-i.org/docs/press/20050516wsipr.htm] Prepared by Robin Cover for The XML Cover Pages archive. General references in "Web Services Interoperability Organization (WS-I)."