The WS-security specification reached a significant milestone last week when the Organization for the Advancement of Structured Information Standards announced that it had formed a technical committee dedicated to the proposed standard.
The committee will be co-chaired by representatives from Microsoft Corp. and IBM, which published the original specification in conjunction with VeriSign Inc.
The Web Services-Security specification is one of several proposed standards for security in the emerging area of Web services. It defines a set of SOAP (Simple Object Access Protocol) message headers that are designed to ensure integrity in Web services applications.
Another OASIS technical committee has published a specification for SAML (Security Assertion Markup Language), which enables interoperability among various Web service applications by standardizing security assertions, or credentials.
And the Liberty Alliance Project recently unveiled its initial specification for identity management, a key piece to the Web services security puzzle. Liberty Alliance members see a lot of similarities among the disparate groups.
“We had a lot of the same issues as WS-Security in that there was no off-the-shelf security architecture to use, so we picked SAML,” said Joe Beatty, a Liberty Alliance technology group representative and protocol architect at Sun Microsystems Inc., in Palo Alto, Calif. “Wed presumably end up inheriting the same architecture as WS-Security if they end up cooperating with the SAML technical committee.”
Participants in the various efforts hope the proposed standards will all come together in a useful form.
“WS-Security is complementary to our work on SAML,” said Joe Pato of Hewlett-Packard Co., co-chair of the OASIS Security Services Technical Committee, in Palo Alto. “In fact, our team intends to employ WS-Security to specify the use of SAML for adding security features to SOAP messages.”
The WS-Security Technical Committee will hold its first meeting Sept. 4-5.
In the meantime, OASIS and the World Wide Web Consortium will hold a seminar Aug. 26-30 on security standards for Web services. The program will cover a range of topics from Web services integration to the role of electronic application integration in the Web services world.