WS-I Security Scenarios Public Draft

WS-I Publishes Web Services Security Interoperability Guidelines

Security Scenarios Outline Challenges, Threats and Countermeasures

San Francisco, CA, USA. February 25, 2004.

Today, at the thirteenth annual RSA Conference, the world's leading e-security event, the Web Services Interoperability Organization (WS-I) announced the availability of the first Security Scenarios Working Group Draft for public review. Developed by the WS-I Basic Security Profile Working Group, the Security Scenarios document identifies security challenges and threats in building interoperable Web services and countermeasures for these risks. The news was announced today during a media event at RSA featuring Web services security experts from the WS-I Basic Security Profile Working Group.

"The development of the Security Scenarios Working Group Draft is an important step in furthering the progress of Web services and driving customer adoption," said Paul Cotton, Chair of the WS-I Basic Security Profile Working Group. "By enabling Web services architects and developers to identify potential security challenges and threats, they can more easily ensure the successful deployment of their Web services projects and achieve greater levels of interoperability."

"Enterprises that deploy Web services without mature strategies for security will be vulnerable to cyberattacks," said Ray Wagner, Research Director, Information Security Strategies at Gartner. "Web services security decisions are complex, and interoperability is a key challenge. WS-I's guidance, including the Security Scenarios and the forthcoming Basic Security Profile, could be an important factor in the success of enterprises' Web services security initiatives. WS-I can provide much-needed clarity for the practical and pragmatic use of Web services security standards."

Security Challenges, Threats and Countermeasures

The Security Scenarios document describes several security challenges, threats and countermeasures in building interoperable Web services, as well as usage scenarios and solutions, including:

Challenges: describes several security challenges, including ensuring data integrity, data confidentiality and message uniqueness
Threats: outlines 10 threats on these challenges, such as message alteration, falsified messages, message replay and denial of service attacks
Countermeasures: recommends how technologies like HTTPS and OASIS Web Services Security: SOAP Message Security 1.0 can be used to counter some of these threats
Usage Scenarios and Solutions: describes how these technologies can be used with the Message Exchange Patterns (MEPs) that have been used in WS-I deliverables such as the Basic Profile 1.0 Sample Applications

The Security Scenarios Working Group Draft is now available on the WS-I website at www.ws-i.org. WS-I is requesting public comment from all interested parties to ensure quality and broad applicability. Feedback should be sent to secprofile_comment@ws-i.org.

Work Continues on Basic Security Profile

WS-I is also currently working on the Basic Security Profile, an interoperability profile involving transport security, SOAP messaging security and other security considerations implicated by the Basic Profile 1.0. The Basic Security Profile is intended to compose with other WS-I profiles and will reference existing specifications used to provide security, including the OASIS Web Services Security 1.0 specification, and provide clarifications and guidance designed to promote interoperability of those specifications. A Working Group Draft of the Basic Security Profile is expected to be delivered next quarter.

About WS-I

WS-I is an open industry organization committed to promoting consistent and reliable interoperability among Web services across platforms, applications and programming languages. The organization unites a diverse community of Web services companies by providing guidance, recommended practices and supporting resources for developing interoperable Web services. Since its formation in February 2002, more than 170 companies have joined WS-I. For more information, please visit http://www.ws-i.org, or e-mail info@ws-i.org.

Public Relations Contact

Christian Danella
Prequent, Inc.
Tel: +1 (408) 307-1236
Email: christian@prequent.com

Meet WS-I at RSA Conference
February 23-27, 2004
Moscone Convention Center, San Francisco
Booth #209

[Source: http://www.ws-i.org/docs/20040225wsipr.htm]

Prepared by Robin Cover for The XML Cover Pages archive. See other details in "WS-I Releases Public Working Draft Document on Security Scenarios." General references in "Web Services Interoperability Organization (WS-I)."

SEARCH Advanced Search ABOUT Site Map CP RSS Channel Contact Us Sponsoring CP About Our Sponsors NEWS Cover Stories Articles & Papers Press Releases CORE STANDARDS XML SGML Schemas XSL/XSLT/XPath XLink XML Query CSS SVG TECHNOLOGY REPORTS XML Applications General Apps Government Apps Academic Apps EVENTS LIBRARY Introductions FAQs Bibliography Technology and Society Semantics Tech Topics Software Related Standards Historic	WS-I Security Scenarios Public Draft WS-I Publishes Web Services Security Interoperability Guidelines Security Scenarios Outline Challenges, Threats and Countermeasures San Francisco, CA, USA. February 25, 2004. Today, at the thirteenth annual RSA Conference, the world's leading e-security event, the Web Services Interoperability Organization (WS-I) announced the availability of the first Security Scenarios Working Group Draft for public review. Developed by the WS-I Basic Security Profile Working Group, the Security Scenarios document identifies security challenges and threats in building interoperable Web services and countermeasures for these risks. The news was announced today during a media event at RSA featuring Web services security experts from the WS-I Basic Security Profile Working Group. "The development of the Security Scenarios Working Group Draft is an important step in furthering the progress of Web services and driving customer adoption," said Paul Cotton, Chair of the WS-I Basic Security Profile Working Group. "By enabling Web services architects and developers to identify potential security challenges and threats, they can more easily ensure the successful deployment of their Web services projects and achieve greater levels of interoperability." "Enterprises that deploy Web services without mature strategies for security will be vulnerable to cyberattacks," said Ray Wagner, Research Director, Information Security Strategies at Gartner. "Web services security decisions are complex, and interoperability is a key challenge. WS-I's guidance, including the Security Scenarios and the forthcoming Basic Security Profile, could be an important factor in the success of enterprises' Web services security initiatives. WS-I can provide much-needed clarity for the practical and pragmatic use of Web services security standards." Security Challenges, Threats and Countermeasures The Security Scenarios document describes several security challenges, threats and countermeasures in building interoperable Web services, as well as usage scenarios and solutions, including: Challenges: describes several security challenges, including ensuring data integrity, data confidentiality and message uniqueness Threats: outlines 10 threats on these challenges, such as message alteration, falsified messages, message replay and denial of service attacks Countermeasures: recommends how technologies like HTTPS and OASIS Web Services Security: SOAP Message Security 1.0 can be used to counter some of these threats Usage Scenarios and Solutions: describes how these technologies can be used with the Message Exchange Patterns (MEPs) that have been used in WS-I deliverables such as the Basic Profile 1.0 Sample Applications The Security Scenarios Working Group Draft is now available on the WS-I website at www.ws-i.org. WS-I is requesting public comment from all interested parties to ensure quality and broad applicability. Feedback should be sent to secprofile_comment@ws-i.org. Work Continues on Basic Security Profile WS-I is also currently working on the Basic Security Profile, an interoperability profile involving transport security, SOAP messaging security and other security considerations implicated by the Basic Profile 1.0. The Basic Security Profile is intended to compose with other WS-I profiles and will reference existing specifications used to provide security, including the OASIS Web Services Security 1.0 specification, and provide clarifications and guidance designed to promote interoperability of those specifications. A Working Group Draft of the Basic Security Profile is expected to be delivered next quarter. About WS-I WS-I is an open industry organization committed to promoting consistent and reliable interoperability among Web services across platforms, applications and programming languages. The organization unites a diverse community of Web services companies by providing guidance, recommended practices and supporting resources for developing interoperable Web services. Since its formation in February 2002, more than 170 companies have joined WS-I. For more information, please visit http://www.ws-i.org, or e-mail info@ws-i.org. Public Relations Contact Christian Danella Prequent, Inc. Tel: +1 (408) 307-1236 Email: christian@prequent.com Meet WS-I at RSA Conference February 23-27, 2004 Moscone Convention Center, San Francisco Booth #209 [Source: http://www.ws-i.org/docs/20040225wsipr.htm] Prepared by Robin Cover for The XML Cover Pages archive. See other details in "WS-I Releases Public Working Draft Document on Security Scenarios." General references in "Web Services Interoperability Organization (WS-I)."