RealTime IT News

OASIS Forms WS-Security Technical Committee

The OASIS standards consortium Tuesday opened a technical committee on WS-Security, the Web services security specification submitted to the organization in June by joint developers VeriSign, IBM and Microsoft.

WS-Security defines a set of SOAP extensions which can be used to implement integrity and confidentiality in Web services applications, laying the groundwork for higher-level facilities like federation, policy and trust. When the three companies published the specification in April, they also laid out a roadmap for the future of security implementations. The three-pronged approach includes:

  • Enhancing single-message authentication, message integrity and confidentiality through the SOAP messaging standard
  • Security tokens for individual users to access different levels of the Web service infrastructure (i.e., customers and administrators)
  • Using encrypted keys on X.509 and Kerberos tickets and defining how they should be encoded

The three companies made the specification available to OASIS on a royalty-free (RF) basis.

The new OASIS WS-Security Technical Committee is composed of BEA Systems, Blockade Systems, Commerce One, divine, Documentum, Fujitsu, Intel, IBM, IONA, Microsoft, Novell, Oblix, OpenNetwork, Perficient, SAP, SeeBeyond, Sonic Software, Sun Microsystems, TIBCO, VeriSign, webMethods, and XML Global.

"WS-Security is one of the first Web services standards to support, integrate and unify multiple security models, mechanisms and technologies, allowing a variety of systems to interoperate in a platform- and language-neutral manner," said Chris Kaler of Microsoft, co-chair of the technical committee with IBM's Kelvin Lawrence.

Already, OASIS' Security Services Technical Committee has indicated that it will work with the new WS-Security Technical Committee to make WS-Security work with SAML, or Security Assertion Markup Language, a specification developed by RSA Security and demoed by OASIS last week.

"WS-Security is complementary to our work on SAML," said Joe Pato of HP, co-chair of the Security Services Technical Committee. "In fact, our team intends to employ WS-Security to specify the use of SAML for adding security features to SOAP messages."

Sun Microsystems, which has become a bitter rival of Microsoft and IBM in the Web services space, will host the first meeting of the technical committee on Sept. 4-5, 2002.