OASIS Approves New Web Services Security Standards

Mar 28, 2007

The Organization for the Advancement of Structured Information Systems has approved WS-SecureConversation and WS-Trust as standards.

The Organization for the Advancement of Structured Information Systems has announced that its members have approved WS-SecureConversation version 1.3 and WS-Trust version 1.3 as OASIS Standards.

The specifications were developed by the OASIS WS-SX (Web Services Secure Exchange) Technical Committee and they define policies and extensions to WS-Security that enable the trusted exchange of multiple SOAP (Simple Object Access Protocol) messages.

WS-Trust provides methods for issuing, renewing and validating security tokens as well as establishing, detecting and brokering trust relationships, OASIS officials said. Meanwhile, WS-SecureConversation allows security contexts to be created and key material to be exchanged more efficiently, OASIS said.

Together the standards can improve the performance and security of exchanges.

"In order to secure communication between two parties, both must exchange security credentials," said Anne Thomas Manes, research director with the Burton Group, in a statement.

"Before that can take place though, each party needs to determine if they can 'trust' the asserted credentials of the other. Applications that communicate using the Web services framework (e.g., SOAP and WSDL) can use WS-Trust to obtain and exchange security credentials - either directly or through a trusted third party - and use WS-SecureConversation to establish and maintain an extended secure session."

Kelvin Lawrence of IBM, co-chair of the OASIS WS-SX Technical Committee, said, "WS-Trust builds upon WS-Security by introducing an XML syntax and a protocol that enables the issuance and dissemination of credentials between different trust domains via a security token service."

Meanwhile, Chris Kaler, a Microsoft engineer and co-chair of the WS-SX committee, said, "WS-Security focuses on the security of a single message, which is useful in many situations. WS-SecureConversation adds a security context authentication model that is extremely beneficial for long-running exchanges. When two parties are passing multiple rounds of secured messages back and forth, the added security and efficiency provided by WS-SecureConversation becomes essential."

Among the industry leaders, IBM, Microsoft and Sun Microsystems have verified successful implementations of WS-SecureConversation and WS-Trust in accordance with eligibility requirements for all OASIS Standards.

However, Adobe, AmberPoint, Axway, BEA Systems, BMC Software, CA, EDS, Forum Systems, Fujitsu, HP, IBM, IONA, Microsoft, Neustar, Nokia, Nortel, Novell, Oracle, Progress Software, Red Hat, Ricoh, SAP, SOA Software, Software AG, Sun Microsystems, Tibco Software, VeriSign, and other members of OASIS collaborated to develop WS-SecureConversation and WS-Trust, OASIS officials said.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

Explore further: Verizon launches rewards program with tracking

add to favorites email to friend print save as pdf

Related Stories

Technique simplifies the creation of high-tech crystals

18 minutes ago

Highly purified crystals that split light with uncanny precision are key parts of high-powered lenses, specialized optics and, potentially, computers that manipulate light instead of electricity. But producing ...

A new multi-bit 'spin' for MRAM storage

2 hours ago

Interest in magnetic random access memory (MRAM) is escalating, thanks to demand for fast, low-cost, nonvolatile, low-consumption, secure memory devices. MRAM, which relies on manipulating the magnetization ...

Bats use polarized light to navigate

2 hours ago

Scientists have discovered that greater mouse-eared bats use polarisation patterns in the sky to navigate – the first mammal that's known to do this.

Recommended for you

Verizon launches rewards program with tracking

Jul 21, 2014

Verizon Wireless is launching a nationwide loyalty program this week for its 100-million-plus subscribers. There's a twist, though: To earn points for every dollar spent, subscribers must consent to have their movements tracked ...

Verizon boosts FiOS uploads to match downloads

Jul 21, 2014

Verizon is boosting the upload speeds of nearly all its FiOS connections to match the download speeds, vastly shortening the time it takes for subscribers to send videos and back up their files online.

The goTenna device pitch is No Service, No Problem

Jul 18, 2014

In the new age of Internet-based crowdfunding with special price offers, where startup teams try to push their product closer and closer to the gate of entry, goTenna's campaign offers a most attractive pitch. ...

Maths can make the internet 5-10 times faster

Jul 17, 2014

Mathematical equations can make Internet communication via computer, mobile phone or satellite many times faster and more secure than today. Results with software developed by researchers from Aalborg University ...

User comments : 0