WS-I Final Material: Security Challenges, Threats and Countermeasures
WS-I Promotes Security Document to Final Material Status
'Security Challenges, Threats and Countermeasures' Approved by Membership
San Francisco, California, USA. May 16, 2005.
The Web Services Interoperability Organization (WS-I) today announced the publication of its "Security Challenges, Threats and Countermeasures" document (SCTC) as Final Material. The Final Material designation is applied to those deliverables that have been formally approved by the WS-I member community. Developed by the WS-I Basic Security Profile Working Group, the SCTC identifies security challenges and threats in building interoperable Web services and countermeasures for these risks. The document is available for download at www.ws-i.org.
"Security has been identified as one of the most important challenges to interoperable Web services," said Tom Glover, WS-I Chairman. "The publication of WS-I's 'Security Challenges, Threats and Countermeasures' document as Final Material will enable Web services architects and developers to minimize risk while focusing on interoperability."
Security Challenges, Threats and Countermeasures
The Final Material document describes several security challenges, threats and countermeasures in building interoperable Web services, as well as usage scenarios and solutions, including:
Challenges: describes several security challenges, including ensuring data integrity, data confidentiality and message uniqueness
Threats: outlines 10 threats on these challenges, such as message alteration, falsified messages, message replay and denial of service attacks
Countermeasures: recommends how technologies like HTTPS and OASIS Web Services Security (WS-Security): SOAP Message Security 1.0 can be used to counter some of these threats
Usage Scenarios and Solutions: describes how these technologies can be used with the Message Exchange Patterns (MEPs) that have been used in WS-I deliverables such as the Basic Profile 1.0 Sample Applications
The WS-I Basic Security Profile Working Group has also been at work on the Basic Security Profile (BSP), which is expected to be published as Final Material this Summer. The BSP is an interoperability profile involving transport security, SOAP messaging security and other security considerations implicated by the Basic Profile. The Basic Security Profile is intended to compose with other WS-I profiles and will reference existing specifications used to provide security, including the WS-Security 1.0 OASIS Standard, and provide clarifications and guidance designed to promote interoperability of those specifications.
WS-I is an open industry organization committed to promoting consistent and reliable interoperability among Web services across platforms, applications and programming languages. The organization unites a diverse community of Web services companies to provide guidance, recommended practices and supporting resources for developing interoperable Web services. For more information, please visit http://www.ws-i.org or e-mail firstname.lastname@example.org.
Public Relations Contact
Prequent, Inc. (for WS-I)
Tel: +1 (415) 441-6639
Prepared by Robin Cover for The XML Cover Pages archive. General references in "Web Services Interoperability Organization (WS-I)."