OASIS Approves New Web Services Security Standards

Mar 28, 2007

The Organization for the Advancement of Structured Information Systems has approved WS-SecureConversation and WS-Trust as standards.

The Organization for the Advancement of Structured Information Systems has announced that its members have approved WS-SecureConversation version 1.3 and WS-Trust version 1.3 as OASIS Standards.

The specifications were developed by the OASIS WS-SX (Web Services Secure Exchange) Technical Committee and they define policies and extensions to WS-Security that enable the trusted exchange of multiple SOAP (Simple Object Access Protocol) messages.

WS-Trust provides methods for issuing, renewing and validating security tokens as well as establishing, detecting and brokering trust relationships, OASIS officials said. Meanwhile, WS-SecureConversation allows security contexts to be created and key material to be exchanged more efficiently, OASIS said.

Together the standards can improve the performance and security of exchanges.

"In order to secure communication between two parties, both must exchange security credentials," said Anne Thomas Manes, research director with the Burton Group, in a statement.

"Before that can take place though, each party needs to determine if they can 'trust' the asserted credentials of the other. Applications that communicate using the Web services framework (e.g., SOAP and WSDL) can use WS-Trust to obtain and exchange security credentials - either directly or through a trusted third party - and use WS-SecureConversation to establish and maintain an extended secure session."

Kelvin Lawrence of IBM, co-chair of the OASIS WS-SX Technical Committee, said, "WS-Trust builds upon WS-Security by introducing an XML syntax and a protocol that enables the issuance and dissemination of credentials between different trust domains via a security token service."

Meanwhile, Chris Kaler, a Microsoft engineer and co-chair of the WS-SX committee, said, "WS-Security focuses on the security of a single message, which is useful in many situations. WS-SecureConversation adds a security context authentication model that is extremely beneficial for long-running exchanges. When two parties are passing multiple rounds of secured messages back and forth, the added security and efficiency provided by WS-SecureConversation becomes essential."

Among the industry leaders, IBM, Microsoft and Sun Microsystems have verified successful implementations of WS-SecureConversation and WS-Trust in accordance with eligibility requirements for all OASIS Standards.

However, Adobe, AmberPoint, Axway, BEA Systems, BMC Software, CA, EDS, Forum Systems, Fujitsu, HP, IBM, IONA, Microsoft, Neustar, Nokia, Nortel, Novell, Oracle, Progress Software, Red Hat, Ricoh, SAP, SOA Software, Software AG, Sun Microsystems, Tibco Software, VeriSign, and other members of OASIS collaborated to develop WS-SecureConversation and WS-Trust, OASIS officials said.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

Explore further: Hand out money with my mobile? I think I'm ready

add to favorites email to friend print save as pdf

Related Stories

Android gains in US, basic phones almost extinct

4 hours ago

The Google Android platform grabbed the majority of mobile phones in the US market in early 2014, as consumers all but abandoned non-smartphone handsets, a survey showed Friday.

SpaceX launches supplies to space station (Update)

4 hours ago

The SpaceX company returned to orbit Friday, launching fresh supplies to the International Space Station after more than a month's delay and setting the stage for urgent spacewalking repairs.

Recommended for you

Hand out money with my mobile? I think I'm ready

Apr 17, 2014

A service is soon to launch in the UK that will enable us to transfer money to other people using just their name and mobile number. Paym is being hailed as a revolution in banking because you can pay peopl ...

Quantenna promises 10-gigabit Wi-Fi by next year

Apr 16, 2014

(Phys.org) —Quantenna Communications has announced that it has plans for releasing a chipset that will be capable of delivering 10Gbps WiFi to/from routers, bridges and computers by sometime next year. ...

Tech giants look to skies to spread Internet

Apr 16, 2014

The shortest path to the Internet for some remote corners of the world may be through the skies. That is the message from US tech giants seeking to spread the online gospel to hard-to-reach regions.

Wireless industry makes anti-theft commitment

Apr 16, 2014

A trade group for wireless providers said Tuesday that the biggest mobile device manufacturers and carriers will soon put anti-theft tools on the gadgets to try to deter rampant smartphone theft.

Dish Network denies wrongdoing in $2M settlement

Apr 15, 2014

The state attorney general's office says Dish Network Corp. will reimburse Washington state customers about $2 million for what it calls a deceptive surcharge, but the satellite TV provider denies any wrongdoing.

Netflix's Comcast deal improves quality of video

Apr 14, 2014

Netflix's videos are streaming through Comcast's Internet service at their highest speeds in the past 17 months now that Netflix is paying for a more direct connection to Comcast's network.

User comments : 0

More news stories

LinkedIn membership hits 300 million

The career-focused social network LinkedIn announced Friday it has 300 million members, with more than half the total outside the United States.

Treating depression in Parkinson's patients

A group of scientists from the University of Kentucky College of Medicine and the Sanders-Brown Center on Aging has found interesting new information in a study on depression and neuropsychological function in Parkinson's ...