The Web Services Interoperability Organization delivers an update to its security profile. The WS-I Basic Security Profile 1.1 integrates OASIS Web Services-Security 1.1 key encryption and improves interoperability.
The Web Services Interoperability
has delivered an update to its security profile, the WS-I
Basic Security Profile 1.1.
WS-I is an "open industry organization" that focuses on
establishing best practices for Web services interoperability, the organization
said in a news release March 23. "The WS-I Basic Security Profile is an
essential guide for ensuring secure, interoperable Web services, based on a set
of non-proprietary Web services specifications, along with clarifications and
amendments to those specifications that promote interoperability. BSP 1.1
integrates OASIS Web Services Security (WS-Security) 1.1 key encryption and
signature features that can improve interoperability of practical secure
technologies used in current Web services applications."
"The Basic Security Profile 1.1 is an important update to WS-I's
efforts to advance interoperability and security for Web services," David
Burdett, chair of the WS-I Board of Directors, said in a statement. "Our
thanks go to the WS-I BSP Working Group members who have so successfully
collaborated to produce BSP 1.1."
The WS-I statement continued:
"Specifically, BSP 1.1 targets
transport and SOAP [Simple Object Access Protocol] message security, and Basic
Profile-specific security considerations of Web Services. BSP 1.1 focuses on
Web Services Message Security and HTTP over Transport Level Security (TLS). Building on BSP 1.0, BSP 1.1 is based on
the key security usage scenarios and requirements identified in WS-I's Security
BSP 1.1 constrains the use of several
common security tokens based on the OASIS Web Services Security (WS-Security)
1.1 and its token profiles. Security tokens profiled include Kerberos, X.509,
SAML and Username token.
"The WS-I Basic Security Profile
1.1 builds upon the strong foundation in BSP 1.0 and extends it to cover core
security scenarios in WS-Security 1.1," said Paul Cotton, Chair of the BSP
Working Group. "We believe security is a top priority for Web services and
are pleased with the work we've been able to achieve to provide solid secure,
interoperable web services for implementers and consumers."
Concluding a six-month testing effort,
six WS-I member companies-Intel, IBM, Layer
7, Microsoft, Oracle and SAP
AG-successfully interoperated using BSP 1.1 and contributed to profile
enhancements based on their results. The scenarios and test tools are publicly
available at http://www.ws-i.org/deliverables/workinggroup.aspx?wg=testingtools
for third-party Web services applications to test security interoperability."
The statement continued, "Among the WS-I member companies whose
representatives participated in developing BSP 1.1 were BMC
Software, Hitachi, HP [Hewlett-Packard], IBM,
Layer 7 Technologies, Microsoft, Nokia, Oracle and SAP."
WS-I also said, "BSP 1.1 is available at no charge from the WS-I Web
site, at http://www.ws-i.org/deliverables/workinggroup.aspx?wg=basicsecurity.