Cover Pages Logo SEARCH
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards

WS-I Security Scenarios Public Draft

WS-I Publishes Web Services Security Interoperability Guidelines

Security Scenarios Outline Challenges, Threats and Countermeasures

San Francisco, CA, USA. February 25, 2004.

Today, at the thirteenth annual RSA Conference, the world's leading e-security event, the Web Services Interoperability Organization (WS-I) announced the availability of the first Security Scenarios Working Group Draft for public review. Developed by the WS-I Basic Security Profile Working Group, the Security Scenarios document identifies security challenges and threats in building interoperable Web services and countermeasures for these risks. The news was announced today during a media event at RSA featuring Web services security experts from the WS-I Basic Security Profile Working Group.

"The development of the Security Scenarios Working Group Draft is an important step in furthering the progress of Web services and driving customer adoption," said Paul Cotton, Chair of the WS-I Basic Security Profile Working Group. "By enabling Web services architects and developers to identify potential security challenges and threats, they can more easily ensure the successful deployment of their Web services projects and achieve greater levels of interoperability."

"Enterprises that deploy Web services without mature strategies for security will be vulnerable to cyberattacks," said Ray Wagner, Research Director, Information Security Strategies at Gartner. "Web services security decisions are complex, and interoperability is a key challenge. WS-I's guidance, including the Security Scenarios and the forthcoming Basic Security Profile, could be an important factor in the success of enterprises' Web services security initiatives. WS-I can provide much-needed clarity for the practical and pragmatic use of Web services security standards."

Security Challenges, Threats and Countermeasures

The Security Scenarios document describes several security challenges, threats and countermeasures in building interoperable Web services, as well as usage scenarios and solutions, including:

  • Challenges: describes several security challenges, including ensuring data integrity, data confidentiality and message uniqueness

  • Threats: outlines 10 threats on these challenges, such as message alteration, falsified messages, message replay and denial of service attacks

  • Countermeasures: recommends how technologies like HTTPS and OASIS Web Services Security: SOAP Message Security 1.0 can be used to counter some of these threats

  • Usage Scenarios and Solutions: describes how these technologies can be used with the Message Exchange Patterns (MEPs) that have been used in WS-I deliverables such as the Basic Profile 1.0 Sample Applications

The Security Scenarios Working Group Draft is now available on the WS-I website at WS-I is requesting public comment from all interested parties to ensure quality and broad applicability. Feedback should be sent to

Work Continues on Basic Security Profile

WS-I is also currently working on the Basic Security Profile, an interoperability profile involving transport security, SOAP messaging security and other security considerations implicated by the Basic Profile 1.0. The Basic Security Profile is intended to compose with other WS-I profiles and will reference existing specifications used to provide security, including the OASIS Web Services Security 1.0 specification, and provide clarifications and guidance designed to promote interoperability of those specifications. A Working Group Draft of the Basic Security Profile is expected to be delivered next quarter.

About WS-I

WS-I is an open industry organization committed to promoting consistent and reliable interoperability among Web services across platforms, applications and programming languages. The organization unites a diverse community of Web services companies by providing guidance, recommended practices and supporting resources for developing interoperable Web services. Since its formation in February 2002, more than 170 companies have joined WS-I. For more information, please visit, or e-mail

Public Relations Contact

Christian Danella
Prequent, Inc.
Tel: +1 (408) 307-1236

Meet WS-I at RSA Conference
February 23-27, 2004
Moscone Convention Center, San Francisco
Booth #209


Prepared by Robin Cover for The XML Cover Pages archive. See other details in "WS-I Releases Public Working Draft Document on Security Scenarios." General references in "Web Services Interoperability Organization (WS-I)."

Globe Image

Document URL: