OASIS Approves New Web Services Security Standards

Mar 28, 2007

The Organization for the Advancement of Structured Information Systems has approved WS-SecureConversation and WS-Trust as standards.

The Organization for the Advancement of Structured Information Systems has announced that its members have approved WS-SecureConversation version 1.3 and WS-Trust version 1.3 as OASIS Standards.

The specifications were developed by the OASIS WS-SX (Web Services Secure Exchange) Technical Committee and they define policies and extensions to WS-Security that enable the trusted exchange of multiple SOAP (Simple Object Access Protocol) messages.

WS-Trust provides methods for issuing, renewing and validating security tokens as well as establishing, detecting and brokering trust relationships, OASIS officials said. Meanwhile, WS-SecureConversation allows security contexts to be created and key material to be exchanged more efficiently, OASIS said.

Together the standards can improve the performance and security of exchanges.

"In order to secure communication between two parties, both must exchange security credentials," said Anne Thomas Manes, research director with the Burton Group, in a statement.

"Before that can take place though, each party needs to determine if they can 'trust' the asserted credentials of the other. Applications that communicate using the Web services framework (e.g., SOAP and WSDL) can use WS-Trust to obtain and exchange security credentials - either directly or through a trusted third party - and use WS-SecureConversation to establish and maintain an extended secure session."

Kelvin Lawrence of IBM, co-chair of the OASIS WS-SX Technical Committee, said, "WS-Trust builds upon WS-Security by introducing an XML syntax and a protocol that enables the issuance and dissemination of credentials between different trust domains via a security token service."

Meanwhile, Chris Kaler, a Microsoft engineer and co-chair of the WS-SX committee, said, "WS-Security focuses on the security of a single message, which is useful in many situations. WS-SecureConversation adds a security context authentication model that is extremely beneficial for long-running exchanges. When two parties are passing multiple rounds of secured messages back and forth, the added security and efficiency provided by WS-SecureConversation becomes essential."

Among the industry leaders, IBM, Microsoft and Sun Microsystems have verified successful implementations of WS-SecureConversation and WS-Trust in accordance with eligibility requirements for all OASIS Standards.

However, Adobe, AmberPoint, Axway, BEA Systems, BMC Software, CA, EDS, Forum Systems, Fujitsu, HP, IBM, IONA, Microsoft, Neustar, Nokia, Nortel, Novell, Oracle, Progress Software, Red Hat, Ricoh, SAP, SOA Software, Software AG, Sun Microsystems, Tibco Software, VeriSign, and other members of OASIS collaborated to develop WS-SecureConversation and WS-Trust, OASIS officials said.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

Explore further: Mobile provider TracFone to pay $40M in federal settlement

add to favorites email to friend print save as pdf

Related Stories

Black hole chokes on a swallowed star

10 minutes ago

A five-year analysis of an event captured by a tiny telescope at McDonald Observatory and followed up by telescopes on the ground and in space has led astronomers to believe they witnessed a giant black hole ...

Montana oil spill estimate lowered to 30,000 gallons

32 minutes ago

Authorities have lowered their estimate of how much oil spilled from a broken pipeline beneath the Yellowstone River in eastern Montana, briefly contaminating the water supply of a city downstream.

Researchers use oxides to flip graphene conductivity

45 minutes ago

Graphene, a one-atom thick lattice of carbon atoms, is often touted as a revolutionary material that will take the place of silicon at the heart of electronics. The unmatched speed at which it can move electrons, ...

NOAA's DSCOVR going to a 'far out' orbit

52 minutes ago

Many satellites that monitor the Earth orbit relatively close to the planet, while some satellites that monitor the sun orbit our star. DSCOVR will keep an eye on both, with a focus on the sun. To cover both ...

Recommended for you

Google wireless service could disrupt carriers

Jan 27, 2015

Internet users from San Jose to Kansas City have been clamoring for Google to lay down its long-awaited fiber-optic network to compete with Comcast and AT&T in speeding up Web and television access. Now the Silicon Valley ...

Google super-fast US Internet service spreads

Jan 27, 2015

Google's super-fast Internet service—up to 100 times quicker than basic broadband—is heading for four more US metropolitan areas as the technology titan ramps up pressure on cable service giants.

Transmitting wireless data on higher frequencies

Jan 27, 2015

Everything we do that requires a wireless connection uses the radio spectrum. We're able to harness radio waves to listen to music in the car or stream Netflix from the 4G network on our smartphones. Each ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.