The Web Services Interoperability (WS-I) organization has published the Basic Security Profile Working Group Draft for interoperability of security of messages involved in point-to-point and relayed communications. The profile covers HTTP over Transport Layer Security (TLS) and SOAP Message Security.
Security is the WS-I’s first major piece of work since completing the Basic Profile last year, establishing basic interoperability between different web service implementations.
The WS-I Basic Profile has been incorporated into Sun Microsystems Inc’s Java 2 Enterprise Edition (J2EE) 1.4, for interoperability between J2EE and Microsoft Corp’s .NET. The Basic Profile encompassed SOAP, WSDL and UDDI.
Having nailed down the Basic Profile by WS-I, though, security was defined as the WS-I’s next priority by organization co-founder Microsoft Corp. The Basic Security Profile Working Group (BSPWG) was formed in 2003 to examine authentication, messaging integrity and encryption. The Basic Security Profile tackles transport security, SOAP messaging security and other elements in version 1.0 and 1.1 of the WS-I’s Basic Profile, Simple SOAP Binding Profile 1.0 and Attachments Profile 1.0.
WS-I said yesterday the security profile would reference existing specifications, including the Microsoft-backed Web Services Security 1.0 specification recently finalized by the Organization for the Advancement of Structured Information Standards (OASIS).
As such, the Basic Security Profile incorporates token profiles for Username, X.509 Certificates and Kerberos – a planned part of WS-Security – while WS-I is also considering support for SAML and XRML.