WS-I Basic Security Profile Working Group Draft

WS-I Publishes Basic Security Profile Working Group Draft

Profiles OASIS WS-Security Specification

Now Available for Public Comment

Los Angeles, California, USA. May 18, 2004.

The Web Services Interoperability Organization (WS-I) today announced the availability of the WS-I Basic Security Profile Working Group Draft. When final, the Basic Security Profile will be a guide for the use of Web services security standards and technologies in the development of interoperable Web services. The WS-I Basic Security Profile Working Group Draft can be reviewed at www.ws-i.org, and feedback may be submitted to wsi_secprofile_comment@lists.ws-i.org.

"The WS-I Basic Security Profile Working Group has made this working draft public in order to solicit feedback from the Web services community, with the goal of ensuring the high quality and broad applicability of the profile," said Paul Cotton, Chair of the WS-I Basic Security Profile Working Group. "The process of incorporating public feedback was critical to the success of the WS-I Basic Profile, and we anticipate the same benefits from this process."

"The successful deployment of standards-based security technologies will be a key determinant in the widespread adoption of Web services," said Ray Wagner, Research Director, Information Security Strategies at Gartner. "Along with the Security Scenarios that were made available for public comment this past February, the Basic Security Profile will be an important resource for Web services developers and security architects concerned with security and interoperability."

Basic Security Profile Defined

The Basic Security Profile is an interoperability profile that addresses transport security, SOAP messaging security and other security considerations for the Basic Profile 1.0, as well as the Basic Profile 1.1, Simple SOAP Binding Profile 1.0 and Attachments Profile 1.0, currently available for public review as Working Group Drafts. The Basic Security Profile is intended to compose with other WS-I profiles and will reference existing specifications used to provide security, including the OASIS Web Services Security 1.0 specification, and provide clarifications and guidance designed to promote interoperability of those specifications.

The Basic Security Profile focuses on the interoperability characteristics of two main technologies: HTTP over TLS and Web Services Security: SOAP Message Security. HTTP over TLS is a point-to-point technology that protects the confidentiality of all information that flows over an HTTP connection. Web Services Security: SOAP Message Security provides security protection for SOAP messages and applies even when a message passes through several intermediary waypoints, allowing differing levels of protection for selected portions of a message. The Basic Security Profile describes a way to apply SOAP Message Security to attachments.

The Basic Security Profile also incorporates Web Services Security: Username Token Profile and Web Services Security: X.509 Certificate Token Profile. The Basic Security Profile Working Group is planning to incorporate the Web Services Security: Kerberos Token Profile into the Basic Security Profile upon completion of the technical work by the OASIS Web Services Security Technical Committee. In addition, WS-I is considering incorporating other token profiles such as the Web Services Security: SAML Token Profile and Web Services Security: XRML Token Profile into the Basic Security Profile.

About WS-I

WS-I is an open industry organization committed to promoting consistent and reliable interoperability among Web services across platforms, applications and programming languages. The organization unites a diverse community of Web services companies by providing guidance, recommended practices and supporting resources for developing interoperable Web services. Since its formation in February 2002, more than 170 companies have joined WS-I. For more information please visit http://www.ws-i.org, or e-mail info@ws-i.org.

Public Relations Contact

Prequent, Inc.
Christian Danella
Tel: +1 650-688-5724
Mobile: +1 408-307-1236
Email: christian@prequent.com

[Source: http://www.ws-i.org/docs/20040518wsipr.htm ]

Prepared by Robin Cover for The XML Cover Pages archive. See details in the news story "WS-I Releases Basic Security Profile Version 1.0 Working Group Draft.". General references in "Web Services Interoperability Organization (WS-I)."

SEARCH Advanced Search ABOUT Site Map CP RSS Channel Contact Us Sponsoring CP About Our Sponsors NEWS Cover Stories Articles & Papers Press Releases CORE STANDARDS XML SGML Schemas XSL/XSLT/XPath XLink XML Query CSS SVG TECHNOLOGY REPORTS XML Applications General Apps Government Apps Academic Apps EVENTS LIBRARY Introductions FAQs Bibliography Technology and Society Semantics Tech Topics Software Related Standards Historic	WS-I Basic Security Profile Working Group Draft WS-I Publishes Basic Security Profile Working Group Draft Profiles OASIS WS-Security Specification Now Available for Public Comment Los Angeles, California, USA. May 18, 2004. The Web Services Interoperability Organization (WS-I) today announced the availability of the WS-I Basic Security Profile Working Group Draft. When final, the Basic Security Profile will be a guide for the use of Web services security standards and technologies in the development of interoperable Web services. The WS-I Basic Security Profile Working Group Draft can be reviewed at www.ws-i.org, and feedback may be submitted to wsi_secprofile_comment@lists.ws-i.org. "The WS-I Basic Security Profile Working Group has made this working draft public in order to solicit feedback from the Web services community, with the goal of ensuring the high quality and broad applicability of the profile," said Paul Cotton, Chair of the WS-I Basic Security Profile Working Group. "The process of incorporating public feedback was critical to the success of the WS-I Basic Profile, and we anticipate the same benefits from this process." "The successful deployment of standards-based security technologies will be a key determinant in the widespread adoption of Web services," said Ray Wagner, Research Director, Information Security Strategies at Gartner. "Along with the Security Scenarios that were made available for public comment this past February, the Basic Security Profile will be an important resource for Web services developers and security architects concerned with security and interoperability." Basic Security Profile Defined The Basic Security Profile is an interoperability profile that addresses transport security, SOAP messaging security and other security considerations for the Basic Profile 1.0, as well as the Basic Profile 1.1, Simple SOAP Binding Profile 1.0 and Attachments Profile 1.0, currently available for public review as Working Group Drafts. The Basic Security Profile is intended to compose with other WS-I profiles and will reference existing specifications used to provide security, including the OASIS Web Services Security 1.0 specification, and provide clarifications and guidance designed to promote interoperability of those specifications. The Basic Security Profile focuses on the interoperability characteristics of two main technologies: HTTP over TLS and Web Services Security: SOAP Message Security. HTTP over TLS is a point-to-point technology that protects the confidentiality of all information that flows over an HTTP connection. Web Services Security: SOAP Message Security provides security protection for SOAP messages and applies even when a message passes through several intermediary waypoints, allowing differing levels of protection for selected portions of a message. The Basic Security Profile describes a way to apply SOAP Message Security to attachments. The Basic Security Profile also incorporates Web Services Security: Username Token Profile and Web Services Security: X.509 Certificate Token Profile. The Basic Security Profile Working Group is planning to incorporate the Web Services Security: Kerberos Token Profile into the Basic Security Profile upon completion of the technical work by the OASIS Web Services Security Technical Committee. In addition, WS-I is considering incorporating other token profiles such as the Web Services Security: SAML Token Profile and Web Services Security: XRML Token Profile into the Basic Security Profile. About WS-I WS-I is an open industry organization committed to promoting consistent and reliable interoperability among Web services across platforms, applications and programming languages. The organization unites a diverse community of Web services companies by providing guidance, recommended practices and supporting resources for developing interoperable Web services. Since its formation in February 2002, more than 170 companies have joined WS-I. For more information please visit http://www.ws-i.org, or e-mail info@ws-i.org. Public Relations Contact Prequent, Inc. Christian Danella Tel: +1 650-688-5724 Mobile: +1 408-307-1236 Email: christian@prequent.com [Source: http://www.ws-i.org/docs/20040518wsipr.htm ] Prepared by Robin Cover for The XML Cover Pages archive. See details in the news story "WS-I Releases Basic Security Profile Version 1.0 Working Group Draft.". General references in "Web Services Interoperability Organization (WS-I)."