Group Addresses Web Services Security

WS-I group will focus on developing a basic profile for Web services security.

The Web Services Interoperability Organization Tuesday announced the formation of its Basic Security Profile Working Group (BSPWG).

The group will focus on developing a basic profile for Web services security, much like the WS-I has developed a basic profile for achieving overall interoperability.

Eve Maler, XML standards architect at Santa Clara, Calif.-based Sun Microsystems Inc., is the chairwoman of the WS-I Basic Security Work Plan task force. Maler said WS-I saw a need to go beyond the Basic Profile 1.0 and address security.

"Its clear that security is an area of great interest in the area of Web services," and in November 2002, the WS-I formed the Basic Security Work Plan task force to build a plan for dealing with security interoperability issues, she said.

"Our group is a bootstrapping group looking at the problem space as opposed to the solution space," Maler said. She also noted that the group so far has focused on two main types of security: "transport layer security and security that adheres to the message" throughout its journey.

The group identified and listed several technologies that ought to be profiled, including HTTPS—or secure HTTP—OASIS Web Services Security V1.0 and SOAP (Simple Object Access Protocol) attachment security, she said.

The BSPWGs interoperability profile, when complete, will feature transport security, SOAP messaging security and other security schemes enacted by the WS-I Basic Profile. The Basic Security Profile is intended to be an extension to the WS-I Basic Profile 1.0 and will reference existing specifications used to provide security, such as the WS-Security "outputs," Maler said.

The BSPWG will also develop a set of usage scenarios and their component message exchange patterns to guide their work. WS-I officials said the organization will produce a timeline in the next month for what it will deliver.

There are about 25 member companies represented in the group, including Sun, IBM, Microsoft Corp., Oracle Corp. and Accenture Ltd., according to Maler. The use cases and scenarios represent "a grab bag submitted by participants in the group," she added.

WS-I chartered the group after a session at the recent WS-I meeting held in Salt Lake City. In fact, WS-I officials said the announcement of the groups formation was planned for last week. However, the announcement of the decision on two new board seats took precedence over that news—so Tuesdays announcement was held for a week.

Latest Developer News:

Search for more stories by Darryl Taft.