OASIS Members Form Web Services Security Technical Committee.Business Editors/High Tech Writers BOSTON--(BUSINESS WIRE)--July 23, 2002 WS-Security Specification to Be Advanced by BEA Systems BEA Systems, Inc. (NASDAQ: BEAS) is one of the major companies developing enterprise infrastructure software. BEA makes middleware, products that help software run on top of databases. , Blockade Systems, Commerce One, divine, Documentum, Fujitsu, Intel, IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) , IONA, Microsoft, Novell, Oblix, OpenNetwork, Perficient, SAP, SeeBeyond, Sonic Software, Sun Microsystems Sun Microsystems, Inc. (NASDAQ: JAVA[3]) is an American vendor of computers, computer components, computer software, and information-technology services, founded on 24 February 1982. , TIBCO TIBCO The Information Bus Company , VeriSign, webMethods, XML XML in full Extensible Markup Language. Markup language developed to be a simplified and more structural version of SGML. It incorporates features of HTML (e.g., hypertext linking), but is designed to overcome some of HTML's limitations. Global, and Other OASIS Members The OASIS standards consortium has organized a new technical committee to advance the WS-Security specification. WS-Security provides a foundation for secure Web services (1) Loosely, any online service delivered over the Web. Such usage appears in articles from non-technical sources, but not in IT-oriented publications, because definition #2 below describes the correct use of the term. , laying the groundwork for higher-level facilities such as federation, policy, and trust. Through the open OASIS process, providers and users will come together to extend the functionality of WS-Security, which was originally published by IBM, Microsoft, and Verisign. The WS-Security specification defines a standard set of Simple Object Access Protocol (protocol) Simple Object Access Protocol - (SOAP) A minimal set of conventions for invoking code using XML over HTTP. DevelopMentor, Microsoft Corporation, and UserLand Software submitted SOAP to the IETF as an internal draft in December 1999. Latest version: SOAP 1. (SOAP) extensions, or message headers, that can be used to implement integrity and confidentiality in Web services applications. "WS-Security is one of the first Web services standards to support, integrate and unify multiple security models, mechanisms and technologies, allowing a variety of systems to interoperate in a platform- and language-neutral manner," said Chris Kaler of Microsoft. Kaler and Kelvin Lawrence of IBM serve as co-chairs of the OASIS Web Services Security Technical Committee. "Significant work is happening at OASIS in the areas of security and Web services. We are excited by the overwhelming response from OASIS members ready to collaborate on WS-Security," added Lawrence. BEA Systems, Blockade Systems, Commerce One, divine, Documentum, Fujitsu, Intel, IBM, IONA, Microsoft, Novell, Oblix, OpenNetwork, Perficient, SAP, SeeBeyond, Sonic Software, Sun Microsystems, TIBCO, VeriSign, webMethods, XML Global, and other OASIS members will collaborate on advancing the WS-Security specification. The first meeting of the technical committee will be held on 4-5 September 2002 and hosted by Sun Microsystems. WS-Security joins several security standards currently being developed within OASIS. Other specifications include SAML (Security Assertion Markup Language) An XML-based format from OASIS for exchanging security information for single sign-on. The "assertions" are statements from a SAML authority that authenticate a user, confirm some attribute about the individual and grant or for authentication and authorization, XACML (EXtensible Access Control Markup Language) An OASIS standard for managing access control policy. Released in 2003 and based on XML, the Sun-developed XACML was designed to become a universal standard for describing who has access to which resources. for access control, XrML for rights management, SPML SPML - server-parsed HTML for exchanging provisioning information, and XCBF XCBF XML Common Biometric Format for describing biometrics data. "WS-Security is complementary to our work on SAML," said Joe Pato of HP, co-chair of the OASIS Security Services Security services are state institutions for the provision of intelligence, primarily of a strategic nature, but also including protective security intelligence. Examples include the Security Service (MI5) and the Secret Intelligence Service (MI6) in the United Kingdom, and the Technical Committee. "In fact, our team intends to employ WS-Security to specify the use of SAML for adding security features to SOAP messages." Participation in the OASIS Web Services Security Technical Committee remains open to all organizations and individuals. OASIS will host an open mail list for public comment on WS-Security, and completed work will be freely available to the public without licensing or other fees. Information on joining OASIS can be found on http://www.oasis-open.org/join. About OASIS OASIS (http://www.oasis-open.org) is a not-for-profit, global consortium that drives the development, convergence and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, XML conformance, business transactions, electronic publishing An umbrella term for non-paper publishing, which includes publishing online or on media such as CDs and DVDs. , topic maps Topic Maps is an ISO standard for the representation and interchange of knowledge, with an emphasis on the findability of information. The standard is formally known as ISO/IEC 13250:2003. and interoperability within and between marketplaces. OASIS has more than 400 corporate and individual members in 100 countries around the world. Industry Support for WS-Security at OASIS "An open security standard is critical to being able to deliver on the promise of Web services, and as a long-standing member of OASIS, BEA BEA - Basic programming Environment for interactive-graphical Applications, from Siemens-Nixdorf. is a strong supporter of this effort," said Edward Cobb, VP of Architecture and Standards, BEA Systems. "Secure interoperability of Web services is an important goal for everyone in the industry, and BEA will actively participate and help drive this critical work." "Fujitsu welcomes the standardization of the Web Services Security within OASIS. As a leading provider of Internet-focused information technology solutions for the global marketplace, Fujitsu will commit to contribute in the new OASIS Web Services Security Technical Committee," said Seigo Hirosue, General Manager, Project-A XML, Fujitsu Limited. "Fujitsu's Interstage, the software platform for 'Collaborative Business Integration,' will support the future standard to realize secure B2B (Business to Business) Refers to one business communicating with or selling to another. See B2B e-commerce, B2C and B2G. B2B - business to business transactions. "Web services standards are developing in a methodical, coordinated fashion that will ensure you'll be able to mix-and-match technologies to achieve your integration and business connection goals," said Bob Sutor, Director of e-business Standards Strategy at IBM. "WS-Security is a critical element of the Web services stack and an important step toward creating the comprehensive set of security standards that will accelerate the adoption of Web services by our customers and users around the world." "The creation of interoperable security standards is necessary to solve the complex challenges facing customers who are integrating their applications and systems across the extended enterprise. Ensuring the security of these applications and systems is a key issue that must be addressed before the widespread adoption of Web services," said Nand Mulchandani, co-founder and CTO (Chief Technical Officer) The executive responsible for the technical direction of an organization. See CIO and salary survey. , Oblix. "We are excited to be a charter member of the OASIS Web Services Security Technical Committee, as we have always been on the forefront of implementing Web services in our enterprise identity management and Web access control solution, Oblix NetPoint. Our experience in implementing this technology at numerous enterprise customer sites will be a tremendous asset in assisting with the development of this important specification." "The unification of existing security models is a key business and technology driver for widespread adoption of Web services technologies," said Andy Sweet, chief technology officer, Perficient, and OASIS technical committee member. "By leveraging the existing work completed by WS-Security, the OASIS Web Services Security Technical Committee will be able to deliver security standards that will drive unification and allow real interoperability between diverse enterprise systems. Perficient looks forward to participating in this important effort." "Global Web security standards are imperative for the future success of widespread business-to-business integration, making WS-Security the premier Web services standard supporting several security models a necessity," said Alan Davies, vice president of Standards and Product Strategy for SeeBeyond. "SeeBeyond embraces the unique opportunity to work closely with the OASIS standards consortium, supporting the customer adoption of global Web security standards and the delivery of secure solutions to the market and our customers." "Security has been one of the most critical barriers to Web services adoption to date, and Sonic Software is committed to developing security standards for Web services," said Greg O'Connor, president of Sonic Software. "We are pleased to offer Sonic's participation to the Technical Committee." "We are encouraged to see Microsoft and IBM Many people are too new to the computer industry to remember that IBM once occupied the lofty position that Microsoft currently enjoys. Today, it's a Microsoft versus The Rest of the World computer industry. Yesterday, it was IBM versus everybody else. contributing their specification under royalty free terms to OASIS, which is a recognized industry standards body," said Bill Smith, Director of Liberty Alliance Technology at Sun Microsystems. "Sun welcomes this submission because it will now be possible for the community to evaluate and build upon this technology out in the open. We hope to see all Web service specifications made available under royalty free terms." "WS Security is one of the first specifications that addresses the critical need to embed trust and security into the fabric of the Web services infrastructure," said Dr. Phillip Hallam-Baker, Principal Scientist, VeriSign. "Although protocols such as SOAP, UDDI (Universal Description, Discovery and Integration) An industry initiative for a universal business registry (catalog) of Web services turned over to the stewardship of OASIS in 2002 as the version 3 specification of UDDI was released. and WSDL (Web Services Description Language) An XML-based language for defining Web services. Developed by Microsoft and IBM, WSDL describes the protocols and formats used by the service. have received broad industry support, the technologies and standards to enable trusted Web services are still being developed. That's why organizations like OASIS are so important; they are going to play a leading role in laying a trusted foundation for Web services." "Interoperable security is a key ingredient to making Enterprise Web Services viable. As one of the original authors of XKMS XKMS XML Key Management Specification (W3C) and SAML, webMethods has long been a thought leader in Web Services-related security standards," said Andy Astor, vice president of Enterprise Web Services for webMethods. "We're very pleased to be further developing these standards as a participant in the OASIS Web Services Security Technical Committee. We look forward to working closely with our colleagues from the other participating companies." "Secure Web services are essential for use in real world systems today," said John McAughtry, president of XML Global. "Our existing OASIS work on ebXML messaging will contribute to this critical area of XML development." |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion