OASIS Members Form Committee to Advance Standards for Web Services Secure Exchange (WS-SX).BOSTON -- Members of the OASIS international standards consortium announced plans to define extensions to the WS-Security OASIS Standard that will enable the trusted exchange of multiple SOAP messages and will define security policies that govern the formats and tokens of those messages. The new OASIS Web Services (1) Loosely, any online service delivered over the Web. Such usage appears in articles from non-technical sources, but not in IT-oriented publications, because definition #2 below describes the correct use of the term. Secure Exchange (WS-SX) Technical Committee brings together users and vendors in an open process to refine and finalize a set of specifications based on three initial contributions, WS-SecureConversation, WS-SecurityPolicy and WS-Trust. Other contributions and changes to these input documents will be accepted for consideration without prejudice Without any loss or waiver of rights or privileges. When a lawsuit is dismissed, the court may enter a judgment against the plaintiff with or without prejudice. When a lawsuit is dismissed without prejudice or restriction and evaluated based on technical merit. Actional, Adobe, Amberpoint, BMC Software BMC Software, Inc. NYSE: BMC, is an American enterprise management software provider, focusing on IT infrastructure applications. BMC was founded in 1980 and is headquartered in Houston, Texas. , BEA Systems, Computer Associates, DataPower, Forum Systems, HP, IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) , Infravio, IONA, Microsoft, Nokia, Novell, Oracle, Reactivity, Ricoh, Sarvega, SAP, SOA Software, Sonic Software, Systinet, TIBCO TIBCO The Information Bus Company , VeriSign, webMethods, and others refine WS-Conversation, WS-SecurityPolicy, and WS-Trust. "In order to meet the growing demands of secure Web service messaging, we need facilities beyond what is provided in the WS-Security OASIS Standard," explained Kelvin Lawrence of IBM, proposed co-chair of the OASIS WS-SX Technical Committee. "WS-Security describes a base mechanism for securing SOAP messages. With WS-SX, we'll concentrate on trust brokering, multi-message exchanges, and policies that describe how to secure message exchanges with a Web service." With input from the entire community, the OASIS WS-SX Technical Committee will advance a set of modular specifications that standardize the concepts, WSDL (Web Services Description Language) An XML-based language for defining Web services. Developed by Microsoft and IBM, WSDL describes the protocols and formats used by the service. documents, and XML Schema renderings for trusted brokering of SOAP message exchanges, shared security contexts, and security policies. WS-SecurityPolicy defines a general set of security policies that can be associated with a Web service. WS-Trust provides a description for managing, establishing and assessing trust relationships between parties exchanging information. WS-SecureConversation serves as a building block to create a secure context for organizations to exchange multiple messages without constantly reauthenticating. "The WS-Security OASIS Standard describes how to use security tokens to obtain message integrity, confidentiality, and authentication of the message sender, but in order to use these mechanisms, tokens must be obtained and trust brokered. Furthermore, a mechanism is needed to describe security exchange patterns," noted Chris Kaler of Microsoft, proposed co-chair of the OASIS WS-SX Technical Committee. "WS-Trust and WS-SecurityPolicy include additional primitives to enable the obtaining of tokens and brokering of trust relationships as well as expressing supported security exchange patterns as policy expressions associated with SOAP endpoints." By advancing the specifications within OASIS, WS-SX developers are able to work in close proximity to related projects also underway at the consortium, including the OASIS Web Services Reliable Exchange (WS-RX), Web Services Transaction (WS-TX), and Web Services Security Committees. Participants in the OASIS WS-SX Committee intend for their work to be readily composable with these other specifications. "The WS-Security OASIS Standard was designed to be a highly extensible method," observed James Bryce Clark, director of standards development at OASIS. "WS-SX will provide further extensions to enable functions such as policy expressions and long-running conversations. These will augment the X.509, username, SAML (Security Assertion Markup Language) An XML-based format from OASIS for exchanging security information for single sign-on. The "assertions" are statements from a SAML authority that authenticate a user, confirm some attribute about the individual and grant or , and other token profiles already available for WS-Security." The OASIS WS-SX Technical Committee will operate under Royalty Free on RAND Terms, as defined by the OASIS Intellectual Property Rights Policy. The Committee's first meeting will be held 7-8 December 2005, and participation remains open to all companies, non-profit groups, and individuals. As with all OASIS projects, archives of the Committee's work will be accessible to both members and non-members, and OASIS will host an open mail list for public comment. Support for WS-SX Actional "Ensuring that Web services can be used for mission critical solutions in the enterprise is vital," said Dan Foody Food´y a. 1. Eatable; fruitful. , CTO (Chief Technical Officer) The executive responsible for the technical direction of an organization. See CIO and salary survey. of Actional. "Many mission critical applications require transactional integrity, and with the advent of WS-TX, these applications can be designed and built to use Web services -- all while being interoperable across vendors." Computer Associates "CA is pleased to participate in the OASIS WS-SX Technical Committee. As one of the early contributors to the specifications that lead to the creation of this committee, CA recognizes the need for the standardization of trust between federated Connected and treated as one. See federated database and federated directories. business partners and plans to implement those standards in CA's IAM IAM - Interactive Algebraic Manipulation. Interactive symbolic mathematics for PDP-10. ["IAM, A System for Interactive Algebraic Manipulation", C. Christensen et al, Proc Second Symp Symb Alg Manip, ACM Mar 1971]. products as they become available," said Bill Bartow, senior vice president of eTrust Identity and Access Management at CA. Forum Systems "The OASIS WS-SX Technical Committee represents a significant step forward in creating a composable Web services architecture," said Mamoon Yunus, CTO of Forum Systems. "WS-SecureConversation, WS-SecurityPolicy, and WS-Trust help establish the necessary security context for exchanging multiple messages, resolving security token incompatibility, and defining interoperable security policy expression. With WS-SX, security underpinnings necessary for enterprise-class SOAs are closer to realization." IBM "We continue to see increasing demand for secure Web services from our clients deploying advanced SOA (1) (Start Of Authority) The first record in a DNS zone file. See DNS records. (2) (Service Oriented Architecture) The modularization of business functions for greater flexibility and reusability. solutions," said Karla Norsworthy, vice president, IBM Software Standards. "The specifications contributed to the OASIS WS-SX Committee provide customers the ability to establish trust relationships that span long running exchange and provide interoperability for real world scenarios." Microsoft "Today's announcement represents another significant step toward simplifying the development of secure, interoperable systems based on Web services," said Ari Bixhorn, Director of Web Services Strategy for Microsoft. "The broad industry support for this charter shows our continued commitment to providing a Web services architecture that enables customers to address their ever-changing business needs." Nokia "Nokia is pleased to see these specifications submitted to an open standards organization," said Frederick Hirsch, Senior Architect at Nokia. "We would like to see convergence of standardization in this area to enable the adoption of services that require these standards." Novell "Identity technology is a critical aspect of the Internet, and Novell is committed to providing secure interoperability within Web services infrastructure," said Kent Erickson, Novell vice president, Identity and Resource Management. "We recognize the security of Web services is important as we identity-enable the Internet. We look forward to collaborating with other leading software vendors so our customers can increase the security of their systems and improve their agility to meet their ever-changing needs." Oracle "Oracle is deeply committed to developing and supporting the development of open standards, and Web services security is a particularly keen interest to us," said Oracle Vice President, Identity Management, Roger Sullivan. "By participating in the OASIS WS-SX Committee we will play a key role in providing the standardized mechanisms organizations need to interoperate in a secure and trusted Web services environment." SAP "The WS-SX specifications will enhance Web services security through advanced support for collaborative business solutions," said Michael Bechauf, Vice President of SAP NetWeaver Industry Standards. "As one of the world's leading provider of business software solutions, we believe that interoperability of policy-driven security runtime configurations and improved messaging security are important building blocks of the Enterprise Services Architecture (ESA 1. (architecture) ESA - Enterprise Systems Architecture. 2. (body) ESA - European Space Agency. )." SOA Software "The work performed by the OASIS WS-SX Committee will essentially complete the triumvirate Triumvirate (trīŭm`vĭrĭt, –vĭrāt'), in ancient Rome, ruling board or commission of three men. Triumvirates were common in the Roman republic. of secure, reliable and transactional Web services required for real-world, business-to-business communication using SOA," said Alistair Farquharson, SOA Software CTO. "We are pleased to participate in this work as it will help to standardize much of the work we have already done through the creation of the XML XML in full Extensible Markup Language. Markup language developed to be a simplified and more structural version of SGML. It incorporates features of HTML (e.g., hypertext linking), but is designed to overcome some of HTML's limitations. VPN (Virtual Private Network) A private network that is configured within a public network (a carrier's network or the Internet) in order to take advantage of the economies of scale and management facilities of large networks. concept and products." Systinet "Security remains one of the top issues among enterprise IT executives adopting SOA," said Roman Stanek, Founder, Systinet. "This new standard will go a long way toward alleviating their concerns, and Systinet is pleased to support OASIS on this initiative." TIBCO "Missing from today's Web services messaging is an accepted standard for brokering trust between parties in a SOAP message exchange," said Matt Quinn, vice president, Product Strategy, TIBCO Software, Inc. "In order to advance Web services adoption and enable the establishment of trusted relationships between senders and receivers, protocols around message integrity, confidentiality and authentication must be established. The OASIS WS-SX Technical Committee, comprised of the industry's leading authorities on both IT security and open standards-based computing, will work to unite disparate efforts and achieve industry consensus to overcome this challenge." Quinn added, "As an active participant in OASIS, TIBCO is committed to furthering the development and adoption of standards that drive technology innovation." webMethods "While the WS-Security OASIS Standard provides an important protocol for securing SOAP messages, it fails to cover all of the important usages of SOAP today," said Marc Breissinger, vice president and Chief Architect, webMethods Inc. "The OASIS WS-SX Technical Committee is charged with addressing many of these issues, including trust brokering, multi-message exchanges, and the need for policies describing how to secure message exchanges with a Web service. Based on our continuing support for key industry standards and our long-term recognition of the need to derive business value from Web services, webMethods is proud to support this initiative." About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL AVDL Application Vulnerability Description Language , CAP, DITA, DocBook, DSML (Directory Services Markup Language) A set of XML tags that defines the contents of a directory. Developed by Bowstreet, Inc., Tewksbury, MA (www.bowstreet. , ebXML CPPA CPPA Collaboration Protocol Profile and Agreement (Oasis) CPPA Child Pornography Prevention Act of 1996 CPPA Canadian Pulp & Paper Association CPPA Corrugated Polyethylene Pipe Association , ebXML Messaging, ebXML Registry, OpenDocument, SAML, SPML SPML - server-parsed HTML , UBL (Universal Business Language) A format for exchanging data from one XML business language to another. Based on ebXML Core Components, UBL is designed to provide a common language that acts as an intermediate vocabulary so that one XML vocabulary can interoperate with , UDDI (Universal Description, Discovery and Integration) An industry initiative for a universal business registry (catalog) of Web services turned over to the stewardship of OASIS in 2002 as the version 3 specification of UDDI was released. , WSDM WSDM Web Services Distributed Management WSDM Web Site Design Method , WS-Reliability, WSRP WSRP Web Services for Remote Portlets WSRP Washington State Republican Party WSRP Web Services for Remote Portals (less common) WSRP West Semitic Research Project WSRP Women's Studies in Religion Program , WS-Security, XACML (EXtensible Access Control Markup Language) An OASIS standard for managing access control policy. Released in 2003 and based on XML, the Sun-developed XACML was designed to become a universal standard for describing who has access to which resources. , and XCBF XCBF XML Common Biometric Format . http://www.oasis-open.org Additional information: OASIS WS-SX Technical Committee http://www.oasis-open.org/committees/ws-sx Cover Pages Technology Report on XML and Security: http://xml.coverpages.org/security.html |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion