February 16, 2006 (Network World) --
A standards body on yesterday gave final approval to a security specification that is recognized as a foundation for securing distributed applications and Web services.
The Organization for the Advancement of Structured Information Standards (OASIS) approved WS-Security 1.1 as an official standard. The designation is the highest level of ratification within OASIS.
What WS-Security solves for end users is the problem of how to pass data securely between Web services.
The 1.1 specification, crafted by the Web Services Security (WSS) Technical Committee, is highlighted by enhancements to security token support, message attachments and rights management. The 1.0 version became a formal standard in April 2004.
The 1.1 specification includes the core WS-Security specification and the Username Token Profile 1.1, X.509 Token Profile 1.1, Kerberos Token Profile 1.1, SAML Token Profile 1.1, Rights Expression (REL) Token Profile 1.1, SOAP With Attachments (SWA) Profile 1.1 and Schema 1.1.
With WS-Security, users have a general-purpose method for building integrity, confidentiality and authentication into the message exchanges between or among Web services applications. The protocol fosters integration of technology used to secure messages, including X.509 certificates and Kerberos.
Coupled with extensions such as WS-Policy, WS-Trust and WS-Secure Conversation, the specification allows more sophisticated and secure ways for Web services to interact.
The protocol's ratification comes a day after Bill Gates, chief software architect for Microsoft Corp., opened up the annual RSA Security Conference by pointing out that security cannot evolve to support a "trust ecosystem" without Web services and other standards.
Although Gates did not name any standards by name, WS-Security has emerged as one of those critical standards.
Research firm Gartner Inc. said WS-Security 1.1 will become a standard for the majority of Web services and that users should adopt it now to make it easier to update their Web services in the future.
WS-Security has been adopted by other standards bodies such as the Liberty Alliance, which incorporates it into their identity federation and by numerous vendors.
The list of those contributing to work on the WS-Security 1.1 specification includes Actional/Progress Software, Adobe, AmberPoint, BEA Systems, BMC Software, Computer Associates, EMC, Forum Systems, Fujitsu, HP, Hitachi, IBM, Intel, Microsoft, Neustar, Nokia, Oracle, Reactivity, RSA Security, SAP, Sun, Tibco and VeriSign.
Reprinted with permission from For more information about enterprise networking, go to NetworkWorld.com Story copyright 2008 Network World, Inc. All rights reserved.
(Source: Computerworld) It's the hot technology for most large companies, but business, technical and cultural issues must be addressed for a successful SOA implementation. Get the whole story, from the big picture to the how-to-do-it details, in this Executive Bulletin. Download this Executive Bulletin (a $49.95 value) for Free, compliments of Fujitsu. Download this executive briefing
Advances in SSL and Certificate Management
Advances in SSL and Certificate Management View this webcast now! Go to the webcast
Driving Business Success Through Workgroup Choice and Flexibility
Download this white paper compliments of Novell! (Source: Novell) The structure of your workgroup environment plays a vital role in enabling your knowledge workers to be productive and collaborate securely. And IT choice and flexibility can mean the difference between reactive spending and proactive investment. Boost your competitive advantage with a workgroup infrastructure that lets you deliver the tools and services that are right for you. Download this white paper to learn how Novell offers a variety of solutions that give you the flexibility to address critical business initiatives and workforce productivity. Download this white paper
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage.