Welcome!

Linux Authors: Reuven Cohen, Michael Sheehan, Lavenya Dilip, Ian Thain, Bruce Armstrong

Related Topics: SOA & WOA, Security

SOA & WOA: Article

WS-I Publishes Basic Security Profile Working Group Draft

WS-I Publishes Basic Security Profile Working Group Draft

The Web Services Interoperability Organization (WS-I) has announced the availability of the WS-I Basic Security Profile Working Group Draft. When final, the Basic Security Profile will be a guide for the use of Web services security standards and technologies in the development of interoperable Web services. The WS-I Basic Security Profile Working Group Draft can be reviewed at www.ws-i.org ">www.ws-i.org, and feedback may be submitted to secprofile_comment@ws-i.org .

The Basic Security Profile is an interoperability profile that addresses transport security, SOAP messaging security and other security considerations for the Basic Profile 1.0, as well as the Basic Profile 1.1, Simple SOAP Binding Profile 1.0 and Attachments Profile 1.0, currently available for public review as Working Group Drafts. The Basic Security Profile is intended to compose with other WS-I profiles and will reference existing specifications used to provide security, including the OASIS Web Services Security 1.0 specification, and provide clarifications and guidance designed to promote interoperability of those specifications.

The Basic Security Profile focuses on the interoperability characteristics of two main technologies: HTTP over TLS and Web Services Security: SOAP Message Security. HTTP over TLS is a point-to-point technology that protects the confidentiality of all information that flows over an HTTP connection. Web Services Security: SOAP Message Security provides security protection for SOAP messages and applies even when a message passes through several intermediary waypoints, allowing differing levels of protection for selected portions of a message. The Basic Security Profile describes a way to apply SOAP Message Security to attachments.

The Basic Security Profile also incorporates Web Services Security: Username Token Profile and Web Services Security: X.509 Certificate Token Profile. The Basic Security Profile Working Group is planning to incorporate the Web Services Security: Kerberos Token Profile into the Basic Security Profile upon completion of the technical work by the OASIS Web Services Security Technical Committee. WS-I is considering incorporating other token profiles such as the Web Services Security: SAML Token Profile and Web Services Security: XRML Token Profile into the Basic Security Profile.

More Stories By SOA News Desk

SOA World Magazine News Desk trawls the world of distributed computing and SOA-related developments for the latest word on technologies, standards, products, and services and brings key information to you in a timely and convenient summary form.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.