OASIS Approves New Web Services Security Standards

Mar 28, 2007

The Organization for the Advancement of Structured Information Systems has approved WS-SecureConversation and WS-Trust as standards.

The Organization for the Advancement of Structured Information Systems has announced that its members have approved WS-SecureConversation version 1.3 and WS-Trust version 1.3 as OASIS Standards.

The specifications were developed by the OASIS WS-SX (Web Services Secure Exchange) Technical Committee and they define policies and extensions to WS-Security that enable the trusted exchange of multiple SOAP (Simple Object Access Protocol) messages.

WS-Trust provides methods for issuing, renewing and validating security tokens as well as establishing, detecting and brokering trust relationships, OASIS officials said. Meanwhile, WS-SecureConversation allows security contexts to be created and key material to be exchanged more efficiently, OASIS said.

Together the standards can improve the performance and security of exchanges.

"In order to secure communication between two parties, both must exchange security credentials," said Anne Thomas Manes, research director with the Burton Group, in a statement.

"Before that can take place though, each party needs to determine if they can 'trust' the asserted credentials of the other. Applications that communicate using the Web services framework (e.g., SOAP and WSDL) can use WS-Trust to obtain and exchange security credentials - either directly or through a trusted third party - and use WS-SecureConversation to establish and maintain an extended secure session."

Kelvin Lawrence of IBM, co-chair of the OASIS WS-SX Technical Committee, said, "WS-Trust builds upon WS-Security by introducing an XML syntax and a protocol that enables the issuance and dissemination of credentials between different trust domains via a security token service."

Meanwhile, Chris Kaler, a Microsoft engineer and co-chair of the WS-SX committee, said, "WS-Security focuses on the security of a single message, which is useful in many situations. WS-SecureConversation adds a security context authentication model that is extremely beneficial for long-running exchanges. When two parties are passing multiple rounds of secured messages back and forth, the added security and efficiency provided by WS-SecureConversation becomes essential."

Among the industry leaders, IBM, Microsoft and Sun Microsystems have verified successful implementations of WS-SecureConversation and WS-Trust in accordance with eligibility requirements for all OASIS Standards.

However, Adobe, AmberPoint, Axway, BEA Systems, BMC Software, CA, EDS, Forum Systems, Fujitsu, HP, IBM, IONA, Microsoft, Neustar, Nokia, Nortel, Novell, Oracle, Progress Software, Red Hat, Ricoh, SAP, SOA Software, Software AG, Sun Microsystems, Tibco Software, VeriSign, and other members of OASIS collaborated to develop WS-SecureConversation and WS-Trust, OASIS officials said.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

Explore further: FTC says AT&T misled customers with unlimited data

add to favorites email to friend print save as pdf

Related Stories

Google execs discuss regulation, innovation and bobble-heads

41 minutes ago

Eric Schmidt and Jonathan Rosenberg help run Google, one of the world's best-known, most successful - and most controversial - companies. They've just published a new book, "How Google Works," a guide to managing what they ...

Developing the battery of the future

1 hour ago

The search for the next generation of batteries has led researchers at the Canadian Light Source synchrotron to try new methods and materials that could lead to the development of safer, cheaper, more powerful, ...

Gamers' funding fuels meteoric rise of 'Star Citizen'

1 hour ago

Chris Roberts' brain spun out a grand vision: a rich, immersive galaxy; exquisite spaceships traversing between infinite star systems with thousands of computer gamers manning the cockpits, racing, dogfighting and defending ...

LinkedIn reports 3Q loss but sales climb

1 hour ago

LinkedIn Corp. posted a third-quarter loss on Thursday, but its results were better than expected as revenue grew sharply, sending shares of the online professional networking service higher in extended trading.

Recommended for you

Google execs discuss regulation, innovation and bobble-heads

41 minutes ago

Eric Schmidt and Jonathan Rosenberg help run Google, one of the world's best-known, most successful - and most controversial - companies. They've just published a new book, "How Google Works," a guide to managing what they ...

Gamers' funding fuels meteoric rise of 'Star Citizen'

1 hour ago

Chris Roberts' brain spun out a grand vision: a rich, immersive galaxy; exquisite spaceships traversing between infinite star systems with thousands of computer gamers manning the cockpits, racing, dogfighting and defending ...

LinkedIn reports 3Q loss but sales climb

1 hour ago

LinkedIn Corp. posted a third-quarter loss on Thursday, but its results were better than expected as revenue grew sharply, sending shares of the online professional networking service higher in extended trading.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.