Standards Groups Support Web Services

 
 
By Darryl K. Taft  |  Posted 2002-10-28
 
 
 
Two key standards organizations have announced efforts to support Web services, in such areas as security, development, modeling and management.

The Organization for the Advancement of Structured Information Standards (OASIS) announced that it has formed a technical committee to create XML protocols for digital signature and cryptographic time-stamping for Web services. The committee, dubbed the OASIS Digital Signature Services Technical Committee, consists of representatives from Entrust Inc., IONA Technologies Inc, WebMethods Inc., TIBCO Software Inc., VeriSign Inc. and the National Institute of Standards and Technology. Essentially, the group will work on developing a standard for allowing Web services to make and validate digital signatures, and for verifying that digital signatures are made during the window of time that their private keys are valid.

Eric Newcomer, CTO of IONA, said of the groups efforts, "There are two major goals that the technical committee hopes to achieve to help further the cause of delivering truly secure Web services. The first is to put a technical foundation for the repudiation of SOAP [Simple Object Access Protocol] documents. The second is emphasizing digital signatures and cryptographic time-stamping for better transaction integrity."

The new groups work will complement that of other groups efforts around security, including OASISs efforts and those within the World Wide Web Consortium. The related OASIS efforts include the Extensible Access Control Markup Language (XACML), the Security Assertion Markup Language (SAML) and WS-Security. Related W3C efforts include XML Signature and XML Key Management.

Robert Zuccherato of Entrust, chair of the new OASIS group, said in a statement, "Digital signatures and time stamping provide the long-term integrity and accountability thats necessary for online business transactions. Our work at OASIS will allow organizations to determine the parties involved in a transaction and the specific moment in time when a transaction occurred, with the assurance that the transaction has not been altered since it was digitally signed. These are all essential attributes of important business transactions."

Phil Schacter, vice president of Directory and Security Strategies for the Burton Group, said in a statement: "Commerce between companies and supply chains requires time stamping and signing services from trusted sources to support non-repudiation for high value business transactions."

OASIS officials said participation in its Digital Signature Services Technical Committee remains open to all organizations and individuals. Information on joining OASIS can be found at http://www.oasis-open.org/join.

Meanwhile, the Object Management Group (OMG) announced that it will meet in Washington, D.C., the week of November 18 to discuss and vote on a number of standards issues, including Web services-related standards, object-oriented software and modeling.

OMGs task force for standardizing the infrastructure for distributed computing will promote two new Web services specifications, OMG officials said. One specification will standardize the interaction between the Common Object Request Broker Architecture (CORBA) and Web Services Definition Language (WSDL). The other specification deals with Web services for enterprise collaboration.

Another OMG task force will meet to begin final votes on OMGs Universal Modeling Language (UML) 2.0 standard, and will look at UML relationships to Web services and the Java 2 Enterprise Edition platform, OMG officials said. In addition, OMG members are expected to form a Model Driven Architecture (MDA) users group, and there will be a session on return on investment of MDA activities, OMG said. Other work will be done on standards for real-time CORBA and for industrial systems.

The meeting schedule, and links to agendas and registration for members are available at www.omg.org/registration/registration-tc.htm, and for guests at www.omg.org/news/meetings/tc/guest.htm. Information about the MDA is collected at www.omg.org/mda.

Rocket Fuel