The OASIS standards consortium Tuesday opened a technical committee on WS-Security, the Web services security specification submitted to the organization in June by joint developers
VeriSign , IBM
and Microsoft
.
WS-Security defines a set of SOAP
services applications, laying the groundwork for higher-level facilities like federation, policy and trust. When the three companies
published the specification in April, they also laid out a
roadmap for the future of security implementations. The three-pronged approach includes:
- Enhancing single-message authentication, message integrity and confidentiality through the SOAP messaging standard
- Security tokens for individual users to access different levels of the Web service infrastructure (i.e., customers and
administrators) - Using encrypted keys on x.509 and Kerberos tickets and defining how they should be encoded.
The three companies made the specification available to OASIS on a royalty-free (RF) basis.
The new OASIS WS-Security Technical Committee is composed of BEA Systems, Blockade Systems, Commerce One, divine, Documentum,
Fujitsu, Intel, IBM, IONA, Microsoft, Novell, Oblix, OpenNetwork, Perficient, SAP, SeeBeyond, Sonic Software, Sun Microsystems,
TIBCO, VeriSign, webMethods, and XML Global.
“WS-Security is one of the first Web services standards to support, integrate and unify multiple security models, mechanisms and
technologies, allowing a variety of systems to interoperate in a platform- and language-neutral manner,” said Chris Kaler of
Microsoft, co-chair of the technical committee with IBM’s Kelvin Lawrence.
Already, OASIS’ Security Services Technical committee has indicated that it will work with the new WS-Security Technical Committee
to make WS-Security work with SAML
and demoed by OASIS last week.
“WS-Security is complementary to our work on SAML,” said Joe Pato of HP, co-chair of the Security Services Technical Committee. “In
fact, our team intends to employ WS-Security to specify the use of SAML for adding security features to SOAP messages.”
Sun Microsystems, which has become a bitter rival of Microsoft and IBM in the Web services space, will host the first meeting of the
technical committee on Sept. 4-5, 2002.