Members Approve WS-Security v1.1 as OASIS Standard.BOSTON -- OASIS: --Actional, Adobe, AmberPoint, BEA Systems, BMC Software, Computer Associates, EMC (1) (EMC Corporation, Hopkinton, MA, www.emc.com) The leading supplier of storage products for midrange computers and mainframes. Founded in 1979 by Richard J. Egan and Roger Marino, EMC has developed advanced storage and retrieval technologies for the world's largest companies. , Forum Systems, Fujitsu, Hewlett-Packard, Hitachi, IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) , Intel, Microsoft, Neustar, Nokia, Oracle, Reactivity, RSA Security, SAP, Sun Microsystems, Tibco, VeriSign, and Others Collaborate to Advance Foundational Standard for Web Services Security OASIS, the international e-business standards consortium, today announced that its members have approved WS-Security version 1.1 as an OASIS Standard, a status that signifies the highest level of ratification. Developed through an open process by the OASIS Web Services Security (WSS WSS Windows Sharepoint Services (Microsoft) WSS Web Services Security (OASIS) WSS Wavelength Selective Switch (Reconfigurable Optical Add/Drop Multiplexer) ) Technical Committee, WS-Security delivers a technical foundation for implementing security functions such as integrity and confidentiality in messages implementing higher-level Web services applications. Gartner analyst, Ray Wagner, advised, "Enterprises should adopt WS-Security formatting for all across-the-firewall Web service deployments, even in cases where no security needs have been identified. Gartner believes that WS-Security will be the standard for the majority of Web services, and committing to it now will allow enterprises to easily modify the security profile of deployed Web services in the future." WS-Security builds on existing security technologies to deliver an industry standard way of securing Web services message exchanges. Providing a framework within which authentication and authorization take place, WS-Security lets users apply existing security technology and infrastructure in a Web services environment. "We have made significant, but complementary, additions to WS-Security--many of which are the direct result of user feedback," said Kelvin Lawrence of IBM, co-chair of the OASIS WSS Technical Committee. "WS-Security v1.1 enhancements include extra profiles for Kerberos, the Security Assertion Markup Language (SAML (Security Assertion Markup Language) An XML-based format from OASIS for exchanging security information for single sign-on. The "assertions" are statements from a SAML authority that authenticate a user, confirm some attribute about the individual and grant or ) OASIS Standard, SOAP with Attachments SOAP with Attachments (SwA) or MIME for Web Services refers to the method of using Web Services to send and receive files using a combination of SOAP and MIME, primarily over HTTP. and Rights Expression Language (REL)." "The new release also enables secure, message-based Web services scenarios incorporating existing security technologies," added Chris Kaler of Microsoft, co-chair of the OASIS WSS Technical Committee. "Applications can share information on network access regardless of the underlying platform." Patrick Gannon, president and CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of OASIS, stated, "The OASIS WSS Technical Committee is a fine example of the open standards process, where the needs and interests of a broad base of constituents--large and small companies, vendors and users, private enterprises, multi-national corporations, and government agencies--are addressed to the benefit of all. We look forward to seeing adoption of this new level of WS-Security in the same way that the 1.0 standard was embraced." The OASIS WSS Technical Committee remains open to new participation and particularly seeks input from those in the international community to advance WS-Security. All interested parties are encouraged to exchange information on implementing WS-Security via the wss-dev mailing list (http://www.oasis-open.org/mlmanage/). As with all Consortium projects, archives of the OASIS WSS Technical Committee's work are accessible to both members and non-members, and OASIS hosts an open mail list for public comment on the standard. Support for WS-Security "This is a significant step for the industry, since advanced Web services are not possible without capabilities such as the Kerberos Token Profile and SOAP with Attachments. Not unlike Secure Sockets Layer (networking, security) Secure Sockets Layer - (SSL) A protocol designed by Netscape Communications Corporation to provide secure communications over the Internet using asymmetric key encryption. (SSL (Secure Sockets Layer) The leading security protocol on the Internet. Developed by Netscape, SSL is widely used to do two things: to validate the identity of a Web site and to create an encrypted connection for sending credit card and other personal data. ) for network communication, WS-Security will be the defacto standard for secure Application-Oriented networking," said Walid Negm, Vice President of Marketing, Forum Systems. "Fujitsu is pleased to see the new version of WS-Security become an OASIS Standard. We have been committed to the standardization of Web services technologies. With the addition of attachments support and other enhancements, the new standard will enable us to provide a wider range of solutions. This will help our customers realize secure systems based on Web services technologies," said Yasushi Ishida, Executive Architect, Software Unit, Fujitsu Limited. "Hitachi is very pleased to see WS-Security v1.1 approved as an OASIS Standard. Initial reactions from the press and users when Web services was in its infancy was that the security issues would be so great to make practical deployment an impossibility. With the publication of WS-Security v1.1 as an OASIS Standard, the community at-large may be assured that the underlying tools necessary to secure Web services deployments are at hand and are practical. Usage of these standards and their composition with higher level protocols will form the basis of practical secure deployments. This inhibitor to deployment is now removed," said Takao Nakamura, Executive General Manager, Software Division, Hitachi, Ltd. "Microsoft is excited to have collaborated with the co-authors of the WS-Security 1.1 specification. Its ratification as a standard is a significant milestone for Web services and the industry overall incorporating feedback from products deployed using the WS-Security 1.0 industry standard," said Chris Kaler, Security Architect at Microsoft Corp and co-chair of the OASIS Web Services Security Technical Committee. "WS-Security is a core component of the WS-* Web services architecture for secure, reliable and transacted Web services and is supported broadly across the industry. We look forward to continued adoption of the Web services standards, with the end goal of a common architecture for software interoperability." "Nokia is pleased to see the completion of WS-Security v1.1 as an OASIS Standard. Nokia has been an active contributor in creating this standard and believes it will benefit mobile Web services," said Frederick Hirsch, Senior Architect at Nokia. "WS-Security v1.1 is a major step forward in open standardization of the Web services stack, given the importance of interoperable security for Web services." "WS-Security v1.1 answers the need for secure authentication of Web services," said Prateek Mishra, director, Security Standards, Oracle. "Our work in the OASIS WSS Technical Committee demonstrates Oracle's commitment to bringing security standards to the market, incorporating them into our products, and passing along the benefits to our customers. We were pleased to work alongside other technology vendors to develop WS-Security v1.1, and look forward to helping to accelerate its adoption." "The approval of WS-Security v1.1 as an OASIS Standard is critical to the future growth of Web services and service oriented architectures (SOA) that our enterprise customers are implementing," according to Andrew Nash, chief technology officer at Reactivity. "WS-Security standards enable our customers to do what matters most---building and deploying successful Web services and SOA projects that scale with the company as they add new partners, customers and services to their network." "Sun is pleased to participate in the evolution of WS-Security and to see it reach this important milestone. Through the OASIS process, other organizations, like the Liberty Alliance and WS-I (Web Services Interoperability Organization, www.ws-i.org) A consortium founded by Microsoft, IBM, BEA Systems and Intel that is dedicated to the development of Web services. Its goals are to provide guidance and education, to promote interoperability and to ensure that Web services , can reference this specification with confidence," said Bill Smith, director of business alliances at Sun Microsystems. "As part of Sun's objective to provide developers with the out-of-the-box tools they need to easily create identity-based security for their Web services applications, we look forward to broadening our support for WS-Security across the Solaris Enterprise System in products like Sun Java System Access Manager Sun Java System Access Manager is Sun Microsystems' web access management product and a component of Sun Java Enterprise System. Sun Java System Access Manager provides single sign-on, federation and secure Web service functionality. , Sun Java System The Sun Java System brand superseded the Sun ONE brand on September 2003. There are two major suites under this brand, the Sun Java Enterprise System suite of infrastructure software, and the Sun Java Desktop System graphical user environment. Federation Manager and Sun Java System Application Server A J2EE-compliant, Web-based application server from Sun. It supports C, C++ and Java applications, Java servlets, JavaServer Pages (JSPs) and Enterprise JavaBeans. From more recent to earliest, the product was formerly Sun ONE Application Server, iPlanet Application Server and Netscape ." "WS-Security is already the industry foundation for adding security to Web services. The new WS-Security v1.1 standard is an important milestone that includes significant enhancements to the original specification. It also profiles and adds support for several new security token types, such as SAML, Kerberos, X.509 certificates, and others," said Siddharth Bajaj, director, Advanced Products and Research, VeriSign. About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL AVDL Application Vulnerability Description Language , CAP, DITA, DocBook, DSML (Directory Services Markup Language) A set of XML tags that defines the contents of a directory. Developed by Bowstreet, Inc., Tewksbury, MA (www.bowstreet. , ebXML CPPA CPPA Collaboration Protocol Profile and Agreement (Oasis) CPPA Child Pornography Prevention Act of 1996 CPPA Canadian Pulp & Paper Association CPPA Corrugated Polyethylene Pipe Association , ebXML Messaging, ebXML Registry, EML, OpenDocument, SAML, SPML SPML - server-parsed HTML , UBL, UDDI (Universal Description, Discovery and Integration) An industry initiative for a universal business registry (catalog) of Web services turned over to the stewardship of OASIS in 2002 as the version 3 specification of UDDI was released. , WSDM WSDM Web Services Distributed Management WSDM Web Site Design Method , WS-Reliability, WSRP WSRP Web Services for Remote Portlets WSRP Washington State Republican Party WSRP Web Services for Remote Portals (less common) WSRP West Semitic Research Project WSRP Women's Studies in Religion Program , WS-Security, XACML (EXtensible Access Control Markup Language) An OASIS standard for managing access control policy. Released in 2003 and based on XML, the Sun-developed XACML was designed to become a universal standard for describing who has access to which resources. , XCBF XCBF XML Common Biometric Format , and XML Catalogs. http://www.oasis-open.org Additional information: OASIS WSS Technical Committee http://www.oasis-open.org/committees/wss Cover Pages Technology Report http://xml.coverpages.org/ws-security.html |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion