View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
April 7, 2004

Security spec for web services finalized

A key security element of IBM Corp and Microsoft Corp's web services roadmap has received official standards blessing, paving the way for widespread industry adoption.

By CBR Staff Writer

Key documents in the WS-Security 1.0 core specification have been ratified along with two important token profiles, for usernames and X.509, by the Organization for the Advancement of Structured Information Standards (OASIS).

Companies developing WS-Security through an OASIS technical committee included BEA Systems, Hewlett Packard, IBM, Microsoft, Oracle, SAP and Verisign. Vendors are now expected to implement WS-Security into their products, providing a common level of interoperability.

WS-Security is fundamental to the WS- specification roadmap that was co-authored by IBM and Microsoft. WS-Security serves as foundation specification for other elements in the companies’ roadmap including WS-Secure Conversation, WS-Trust and WS-Security Policy that manage the transaction secured by WS-Security.

WS-Security is also important in helping end-users come a step closer to realizing the full potential of web services, by providing a secure mechanism to take web services transactions beyond the firewall for secure day-to-day transactions with partners. Security has been lacking in web services to-date, hence projects have remained internal. WS-Security provides security infrastructure for applications such ordering, invoicing and payment.

VeriSign principle scientist Phillip Hallam-Baker, who worked helped work on WS-Security, said. People have the ability to start taking their existing applications beyond the firewall and moving to the next stage of web services, using them in extranets for business with close partners.

WS-Security provides confidentially and integrity for web services transactions through the federated use of encryption and digital signatures. WS-Security differs from traditional approaches to encrypting and signing messages, because it accepts a message may be routed between multiple trading partners instead of communication being limited to point-to-point transaction between just two parties.

The standard is also capable of securely going through a corporate firewall, without the firewall needing to guess whether the encrypted content is secure or trustworthy, and making a random decision on whether the block or accept the message.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

OASIS WS-Security technical committee will now ratify XRML and Kerberos profiles for use with the core standard. No date has been given for completion.

This article is based on material originally published by ComputerWire

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.