Companies Demonstrate Interoperability of WS-Security OASIS Standard.
Fourteen organizations joined together for the first time to demonstrate interoperability of the WS-Security OASIS Standard at the Gartner Application Integration and Web Services Summit in Los Angeles today. WS-Security, developed by the OASIS Web Services Security (WSS) TC, delivers a technical foundation for implementing security functions such as integrity and confidentiality in messages implementing higher-level Web services applications.
Gartner analyst, Ray Wagner, describes WS-Security as "the standard for the majority of Web services...committing to it now will allow enterprises to easily modify the security profile of deployed Web services in the future."(1)
WS-Security allows a wide range of key security methods such as authentication and access control to be reliably, readily associated with SOAP messages. The OASIS InterOp at the Gartner Summit demonstrated the exchange of messages protected by WS-Security using the X.509 Token Profile.
"It is gratifying to see so many vendors supporting the WS-Security OASIS Standard with their interoperable implementations," observed Hal Lockhart of BEA Systems, lead of the OASIS InterOp team. "We came together with a common goal: to make it clear to all implementers -- not just the larger enterprises that have already embraced the standard -- that the time is right to adopt WS-Security."
Patrick Gannon, president and CEO of OASIS, agreed. "WS-Security provides a key component for the broader security frameworks that users need. Many of the participants in today's InterOp are also deeply involved in advancing other OASIS Standards for security, such as the Security Assertion Markup Language (SAML) and the eXtensible Access Control Markup Language (XACML). The synergy between these efforts goes a long way towards meeting the marketplace's need for a cohesive fit between standards," said Gannon, who also participated in Gartner's "Power Panel: A Conversation on Standards" at the event.
Vendors Collaborate on WS-Security Interoperability
"DataPower has a unique first-hand perspective on the importance of interoperability of WS-Security to end-users having supported early versions in customer deployments since late 2002," said Eugene Kuznetsov, CTO at DataPower. "It's easy for a vendor to claim support for WS-Security, but only independent interop testing ensures that it will work for customers. Now that WS-Security is an official OASIS Standard, this interoperability event is the final step in demonstrating the maturity of Web services security."
"When we originally worked on this standard with Microsoft and other partners, we saw WS-Security as the foundation of secure Web services," said Anthony Nadalin, Chief Security Architect of IBM Software Group and IBM Distinguished Engineer. "We are pleased to see the work we took to OASIS, and saw become a standard, get such broad industry adoption."
"The WS-Security standard is the cornerstone to building secure Web Services and is composable with the broader WS- architecture where secure, reliable and transacted Web services are achieved," said Ari Bixhorn, Director, Web Services Strategies for Microsoft. "This demo provides an example of trusted interoperability and showcases the companies' commitment to evolving standards that meet customer demands for interoperability and security across heterogeneous systems. Microsoft has played a key role in the development of Web services standards, and WS-Security delivers on this roadmap."
"It is evident that Web services are rapidly becoming the cornerstone for integration and B2B transactions," said Hasan Rizvi, vice president, Development at Oracle. "Our participation in the WS-Security OASIS demonstration illustrates Oracle's support for the standard and its ability to help enable the secure exchange of information among partners."
"Panacea Software is delighted to demonstrate our 100% BPEL-based implementation of WS-Security at the OASIS Interop. We provide complete end-to-end Web services-enabled solutions to build, deploy, run, manage, monitor and optimize business processes in alignment with both corporate IT and web strategies across the extended enterprise," said Ajay Sarkar, CEO, Panacea Software. "WS-Security is the key to providing the security required in our end-to-end business process solution set."
"WS-Security has matured significantly and gained more widespread adoption since Reactivity delivered our first XML security product in June 2002," said Andrew Nash, CTO at Reactivity. "As a member of the OASIS WSS Technical Committee, Reactivity is proud to have contributed to the development of WS-Security, and we are pleased to participate in this OASIS InterOp event at the Gartner Summit in LA."
"As an OASIS Foundational Sponsor, we were very keen to participate with other leading innovators to demonstrate the value of the WS-Security OASIS Standard as it enforces Sun's commitment to security, interoperability and open standards - central themes of the Sun Java Enterprise System," said Rich Sharples, Group Product Marketing Manager, Application Platform Products, Sun Microsystems.
"Systinet has a longstanding commitment to supporting interoperability initiatives for Web services and SOA," said Luc Clement, Senior Product Manager, Systinet, and co-chair of the OASIS UDDI Technical Committee. "Interoperability between different vendor products is essential. We're pleased to support the WS-Security OASIS InterOp."
"As an active participant in the OASIS WS-Security Technical Committee, which contributes to the evolution of this security standard, TIBCO is committed to the development of such open industry standards and the widespread adoption of Web services," said Aiaz Kazi, General Manager, Business Integration, TIBCO Software Inc. "The WS- Security OASIS InterOp is a key step that showcases the power of a standards-based and secure exchange of information between Web service producers and consumers. Enterprises will greatly benefit from the collaborative efforts of the software industry's top leaders participating in this InterOp."
"WS-Security has increasingly become the basis of all SOAP security standards, providing a sound foundation for implementing reliable security parameters in Web services security. As an original author of the specification, VeriSign is pleased to see such broad adoption," said Hemma Prafullchandra, director, Advanced Products and Research Group, VeriSign. "The significant number of companies participating in this collaboration shows that we have proven that future SOAP security standards in development are building on strong, trusted technology."
(1) From Gartner Research 'Web Services Security Advances With Approval of Key Standard' April 2004.
OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 4,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WSDM, WS-Reliability, WSRP, WS-Security, XACML, and XCBF. http://www.oasis-open.org
OASIS Web Services Security Technical Committee