Oasis helps secure the Internet

The Oasis standards consortium has organised a new technical committee to advance the WS-Security specification.

WS-Security provides a foundation for secure Web services, laying the groundwork for higher-level facilities such as federation, policy, and trust. Through the open Oasis process, providers and users will come together to extend the functionality of WS-Security, which was originally published by IBM, Microsoft, and Verisign.

The WS-Security specification defines a standard set of Simple Object Access Protocol (SOAP) extensions, or message headers, that can be used to implement integrity and confidentiality in Web services applications.

‘WS-Security is one of the first Web services standards to support, integrate and unify multiple security models, mechanisms and technologies, allowing a variety of systems to interoperate in a platform- and language-neutral manner,’ said Chris Kaler of Microsoft. Kaler and Kelvin Lawrence of IBM serve as co-chairs of the Oasis Web Services Security Technical Committee.

BEA Systems, Blockade Systems, Commerce One, divine, Documentum, Fujitsu, Intel, IBM, IONA, Microsoft, Novell, Oblix, OpenNetwork, Perficient, SAP, SeeBeyond, Sonic Software, Sun Microsystems, TIBCO, VeriSign, webMethods, XML Global, and other Oasis members will collaborate on advancing the WS-Security specification.

The first meeting of the technical committee will be held between September 4-5 2002 and hosted by Sun Microsystems.

WS-Security joins several security standards currently being developed within Oasis. Other specifications include SAML for authentication and authorization, XACML for access control, XrML for rights management, SPML for exchanging provisioning information, and XCBF for describing biometrics data.

‘WS-Security is complementary to our work on SAML,’ said Joe Pato of HP, co-chair of the Oasis Security Services Technical Committee. ‘In fact, our team intends to employ WS-Security to specify the use of SAML for adding security features to SOAP messages.’

On the web