WS-I releases Basic Security Profile draft |
 |
By Michael S. Mimoso, Senior News Editor
18 May 2004 | SearchWebServices.com |
|
|
LOS ANGELES -- With work on the WS-I Basic Profile having wrapped up in March, the organization got a little granular Tuesday at Gartner's Application Integration and Web Services Summit by turning its attention toward security.
The Web Services Interoperability (WS-I) Organization released the Basic Security Profile Working Group Draft for public comment, and now will collect feedback that will be incorporated into the final profile.
The Basic Security Profile will
be a guide for using Web services security standards and technology in developing interoperable Web services, said Andy Astor, chairman of the WS-I marketing and communications committee, and vice president of strategic solutions at webMethods.
"The end goal is interoperable Web services," Astor said. "We started with Web services, then added security. Next, we'll add something else until we fill all the blanks and enterprises can securely create and use Web services."
The Basic Security Profile lays out a set of interoperability guidelines for transport security, primarily HTTP over TLS and SOAP Message Security.
The security profile will eventually be part of the Basic Profile 1.0 and 1.1, the Simple SOAP Binding Profile 1.0 and Attachments Profile 1.0. All of those are available for public review as Working Group Drafts.
WS-I added that Basic Security Profile will also take into account work done by OASIS in the Web Services Security 1.0 specification, specifically the Username Token Profile and X.509 Certificate Token Profile. Plans are in the works to incorporate the Kerberos Token Profile once OASIS has wrapped up its efforts there.
Support for the SAML Token Profile and XRML Token Profile is also included.
|
|
|
|
