Companies Demonstrate Interoperability of WS-Security OASIS Standard.LOS ANGELES -- BEA Systems, DataPower, IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) , Microsoft, Oracle, Reactivity, Panacea Software, RSA Security, Sarvega, Sun Microsystems, Systinet, TIBCO TIBCO The Information Bus Company , and VeriSign Collaborate at Gartner Summit
Fourteen organizations joined together for the first time to demonstrate interoperability of the WS-Security OASIS Standard at the Gartner Application Integration and Web Services Summit in Los Angeles today. WS-Security, developed by the OASIS Web Services Security (WSS WSS Windows Sharepoint Services (Microsoft)
WSS Web Services Security (OASIS)
WSS Wavelength Selective Switch (Reconfigurable Optical Add/Drop Multiplexer) ) TC, delivers a technical foundation for implementing security functions such as integrity and confidentiality in messages implementing higher-level Web services applications.
Gartner analyst, Ray Wagner, describes WS-Security as "the standard for the majority of Web services...committing to it now will allow enterprises to easily modify the security profile of deployed Web services in the future."(1)
WS-Security allows a wide range of key security methods such as authentication and access control to be reliably, readily associated with SOAP messages. The OASIS InterOp at the Gartner Summit demonstrated the exchange of messages protected by WS-Security using the X.509 Token Profile.
"It is gratifying grat·i·fy
tr.v. grat·i·fied, grat·i·fy·ing, grat·i·fies
1. To please or satisfy: His achievement gratified his father. See Synonyms at please.
2. to see so many vendors supporting the WS-Security OASIS Standard with their interoperable implementations," observed Hal Lockhart of BEA Systems, lead of the OASIS InterOp team. "We came together with a common goal: to make it clear to all implementers -- not just the larger enterprises that have already embraced the standard -- that the time is right to adopt WS-Security."
Patrick Gannon, president and CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of OASIS, agreed. "WS-Security provides a key component for the broader security frameworks that users need. Many of the participants in today's InterOp are also deeply involved in advancing other OASIS Standards for security, such as the Security Assertion Markup Language (SAML (Security Assertion Markup Language) An XML-based format from OASIS for exchanging security information for single sign-on. The "assertions" are statements from a SAML authority that authenticate a user, confirm some attribute about the individual and grant or ) and the eXtensible Access Control Markup Language (XACML (EXtensible Access Control Markup Language) An OASIS standard for managing access control policy. Released in 2003 and based on XML, the Sun-developed XACML was designed to become a universal standard for describing who has access to which resources. ). The synergy between these efforts goes a long way towards meeting the marketplace's need for a cohesive fit between standards," said Gannon, who also participated in Gartner's "Power Panel: A Conversation on Standards" at the event.
Vendors Collaborate on WS-Security Interoperability
"DataPower has a unique first-hand perspective on the importance of interoperability of WS-Security to end-users having supported early versions in customer deployments since late 2002," said Eugene Kuznetsov, CTO (Chief Technical Officer) The executive responsible for the technical direction of an organization. See CIO and salary survey. at DataPower. "It's easy for a vendor to claim support for WS-Security, but only independent interop testing ensures that it will work for customers. Now that WS-Security is an official OASIS Standard, this interoperability event is the final step in demonstrating the maturity of Web services security."
"When we originally worked on this standard with Microsoft and other partners, we saw WS-Security as the foundation of secure Web services," said Anthony Nadalin, Chief Security Architect of IBM Software Group and IBM Distinguished Engineer. "We are pleased to see the work we took to OASIS, and saw become a standard, get such broad industry adoption."
"The WS-Security standard is the cornerstone to building secure Web Services and is composable with the broader WS- architecture where secure, reliable and transacted Web services are achieved," said Ari Bixhorn, Director, Web Services Strategies for Microsoft. "This demo provides an example of trusted interoperability and showcases the companies' commitment to evolving standards that meet customer demands for interoperability and security across heterogeneous systems. Microsoft has played a key role in the development of Web services standards, and WS-Security delivers on this roadmap."
"It is evident that Web services are rapidly becoming the cornerstone for integration and B2B (Business to Business) Refers to one business communicating with or selling to another. See B2B e-commerce, B2C and B2G.
B2B - business to business transactions," said Hasan Rizvi, vice president, Development at Oracle. "Our participation in the WS-Security OASIS demonstration illustrates Oracle's support for the standard and its ability to help enable the secure exchange of information among partners."
"Panacea Software is delighted to demonstrate our 100% BPEL-based implementation of WS-Security at the OASIS Interop. We provide complete end-to-end Web services-enabled solutions to build, deploy, run, manage, monitor and optimize business processes in alignment with both corporate IT and web strategies across the extended enterprise," said Ajay Sarkar Sarkar could mean:
"WS-Security has matured significantly and gained more widespread adoption since Reactivity delivered our first XML XML
in full Extensible Markup Language.
Markup language developed to be a simplified and more structural version of SGML. It incorporates features of HTML (e.g., hypertext linking), but is designed to overcome some of HTML's limitations. security product in June 2002," said Andrew Nash, CTO at Reactivity. "As a member of the OASIS WSS Technical Committee, Reactivity is proud to have contributed to the development of WS-Security, and we are pleased to participate in this OASIS InterOp event at the Gartner Summit in LA."
"As an OASIS Foundational Sponsor, we were very keen to participate with other leading innovators to demonstrate the value of the WS-Security OASIS Standard as it enforces Sun's commitment to security, interoperability and open standards - central themes of the Sun Java Enterprise System," said Rich Sharples, Group Product Marketing Manager, Application Platform Products, Sun Microsystems.
"Systinet has a longstanding commitment to supporting interoperability initiatives for Web services and SOA (1) (Start Of Authority) The first record in a DNS zone file. See DNS records.
(2) (Service Oriented Architecture) The modularization of business functions for greater flexibility and reusability. ," said Luc Clement, Senior Product Manager, Systinet, and co-chair of the OASIS UDDI (Universal Description, Discovery and Integration) An industry initiative for a universal business registry (catalog) of Web services turned over to the stewardship of OASIS in 2002 as the version 3 specification of UDDI was released. Technical Committee. "Interoperability between different vendor products is essential. We're pleased to support the WS-Security OASIS InterOp."
"As an active participant in the OASIS WS-Security Technical Committee, which contributes to the evolution of this security standard, TIBCO is committed to the development of such open industry standards and the widespread adoption of Web services," said Aiaz Kazi, General Manager, Business Integration, TIBCO Software Inc. "The WS- Security OASIS InterOp is a key step that showcases the power of a standards-based and secure exchange of information between Web service producers and consumers. Enterprises will greatly benefit from the collaborative efforts of the software industry's top leaders participating in this InterOp."
"WS-Security has increasingly become the basis of all SOAP security standards, providing a sound foundation for implementing reliable security parameters in Web services security. As an original author of the specification, VeriSign is pleased to see such broad adoption," said Hemma Prafullchandra, director, Advanced Products and Research Group, VeriSign. "The significant number of companies participating in this collaboration shows that we have proven that future SOAP security standards in development are building on strong, trusted technology."
(1) From Gartner Research 'Web Services Security Advances With Approval of Key Standard' April 2004.
OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 4,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL AVDL Application Vulnerability Description Language , CAP, DocBook, DSML (Directory Services Markup Language) A set of XML tags that defines the contents of a directory. Developed by Bowstreet, Inc., Tewksbury, MA (www.bowstreet. , ebXML, SAML, SPML SPML - server-parsed HTML , UBL, UDDI, WSDM WSDM Web Services Distributed Management
WSDM Web Site Design Method , WS-Reliability, WSRP WSRP Web Services for Remote Portlets
WSRP Washington State Republican Party
WSRP Web Services for Remote Portals (less common)
WSRP West Semitic Research Project
WSRP Women's Studies in Religion Program , WS-Security, XACML, and XCBF XCBF XML Common Biometric Format . http://www.oasis-open.org
OASIS Web Services Security Technical Committee