[ISN] WS-Security Spec Sent to OASIS

From: InfoSec News (isnat_private)
Date: Fri Jun 28 2002 - 01:20:55 PDT

  • Next message: InfoSec News: "[ISN] Tech companies: Do as Bond would do"

    June 27, 2002 
    By Darryl K. Taft 
    Moving ahead on promises made when they formed the initiative in
    April, IBM, Microsoft Corp. and VeriSign Inc. Thursday announced that
    they will submit the latest version of the Web Services Security
    (WS-Security) specification to the Organization for the Advancement of
    Structured Information Standards for ongoing development.
    The WS-Security specification is a leading Web services standards
    effort to support, integrate and unify multiple security models,
    mechanisms and technologies, allowing a variety of systems to
    interoperate in a platform- and language-neutral manner, the companies
    Eric Newcomer, chief technology officer of Iona Technologies Inc., in
    Waltham, Mass., and a founding member of the working group that will
    handle the WS-Security standards effort within OASIS, said from his
    perspective IBM and Microsoft grew "impatient" with the efforts of the
    Worldwide Web Consortium (W3C) to deliver a standard around security
    and Web services.
    Newcomer, a member of the W3C Web Services Architecture Working Group,
    said the group has been trying to create a security working group at
    the W3C to no avail. "It's hard to do," he said.
    However, "I'd say it's a good choice," Newcomer said of the decision
    to push the standard through OASIS. "They have a good track record"  
    delivering standards, he said.
    In addition to Iona, many OASIS member companies pledged support for
    WS-Security, including Baltimore Technologies plc., BEA Systems Inc.,
    Documentum Inc., Entrust Inc., Netegrity Inc., Novell Inc., Oblix
    Inc., RSA Security Inc., SAP AG, Sun Microsystems Inc., Systinet Corp.  
    and Vodafone Group plc.
    With this announcement, IBM, Microsoft and VeriSign strengthened their
    commitment to build and deliver standards-based security solutions,
    the companies said. The three companies will continue to work together
    to advance standards-based specifications that will allow for
    comprehensive Web services security solutions as outlined in the
    "Security in a Web Services World" road map, which was drafted by IBM
    and Microsoft in April.
    "We have to make some progress, and we have to get this stuff
    standardized," Newcomer said.
    The WS-Security specification, which provides the foundation for that
    road map, defines a standard set of Simple Object Access Protocol
    (SOAP) extensions, or message headers, which can be used to implement
    integrity and confidentiality in Web services applications. Web
    services are applications that can be accessed through XML and
    SOAP-based protocols, making them platform- and language-independent.  
    WS-Security provides a foundation layer for secure Web services,
    laying the groundwork for higher-level facilities such as federation,
    policy and trust.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Jun 28 2002 - 04:19:18 PDT