Cover Pages Logo SEARCH
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards

WS-I Final Material: Security Challenges, Threats and Countermeasures

WS-I Promotes Security Document to Final Material Status

'Security Challenges, Threats and Countermeasures' Approved by Membership

San Francisco, California, USA. May 16, 2005.

The Web Services Interoperability Organization (WS-I) today announced the publication of its "Security Challenges, Threats and Countermeasures" document (SCTC) as Final Material. The Final Material designation is applied to those deliverables that have been formally approved by the WS-I member community. Developed by the WS-I Basic Security Profile Working Group, the SCTC identifies security challenges and threats in building interoperable Web services and countermeasures for these risks. The document is available for download at

"Security has been identified as one of the most important challenges to interoperable Web services," said Tom Glover, WS-I Chairman. "The publication of WS-I's 'Security Challenges, Threats and Countermeasures' document as Final Material will enable Web services architects and developers to minimize risk while focusing on interoperability."

Security Challenges, Threats and Countermeasures

The Final Material document describes several security challenges, threats and countermeasures in building interoperable Web services, as well as usage scenarios and solutions, including:

  • Challenges: describes several security challenges, including ensuring data integrity, data confidentiality and message uniqueness

  • Threats: outlines 10 threats on these challenges, such as message alteration, falsified messages, message replay and denial of service attacks

  • Countermeasures: recommends how technologies like HTTPS and OASIS Web Services Security (WS-Security): SOAP Message Security 1.0 can be used to counter some of these threats

  • Usage Scenarios and Solutions: describes how these technologies can be used with the Message Exchange Patterns (MEPs) that have been used in WS-I deliverables such as the Basic Profile 1.0 Sample Applications

The WS-I Basic Security Profile Working Group has also been at work on the Basic Security Profile (BSP), which is expected to be published as Final Material this Summer. The BSP is an interoperability profile involving transport security, SOAP messaging security and other security considerations implicated by the Basic Profile. The Basic Security Profile is intended to compose with other WS-I profiles and will reference existing specifications used to provide security, including the WS-Security 1.0 OASIS Standard, and provide clarifications and guidance designed to promote interoperability of those specifications.

About WS-I

WS-I is an open industry organization committed to promoting consistent and reliable interoperability among Web services across platforms, applications and programming languages. The organization unites a diverse community of Web services companies to provide guidance, recommended practices and supporting resources for developing interoperable Web services. For more information, please visit or e-mail

Public Relations Contact

Christian Danella
Prequent, Inc. (for WS-I)
Tel: +1 (415) 441-6639


Prepared by Robin Cover for The XML Cover Pages archive. General references in "Web Services Interoperability Organization (WS-I)."

Globe Image

Document URL:  —  Legal stuff