OASIS stamps approval on WS-Security 1.1

John Fontana   Today’s Top Stories   or  Other Security Stories  

SAS Dream Team Video: Strategies for getting senior executives to agree Advances in SSL and Certificate Management Virtualization: Simplify. Automate. Lower Costs. Eliminate Tape Restores with TimeData CDP Protecting Sharepoint with Double-Take for Windows 5.0 LIVEWIRE™: Full-Server Protecting and Recovery in Real-Time Sold on SOA Six Questions To Ask About Information And Competition Virtual Reality Sign up to receive Web Site Management Resource Alerts

February 16, 2006 (Network World) -- A standards body on yesterday gave final approval to a security specification that is recognized as a foundation for securing distributed applications and Web services.

The Organization for the Advancement of Structured Information Standards (OASIS) approved WS-Security 1.1 as an official standard. The designation is the highest level of ratification within OASIS.

What WS-Security solves for end users is the problem of how to pass data securely between Web services.

The 1.1 specification, crafted by the Web Services Security (WSS) Technical Committee, is highlighted by enhancements to security token support, message attachments and rights management. The 1.0 version became a formal standard in April 2004.

The 1.1 specification includes the core WS-Security specification and the Username Token Profile 1.1, X.509 Token Profile 1.1, Kerberos Token Profile 1.1, SAML Token Profile 1.1, Rights Expression (REL) Token Profile 1.1, SOAP With Attachments (SWA) Profile 1.1 and Schema 1.1.

With WS-Security, users have a general-purpose method for building integrity, confidentiality and authentication into the message exchanges between or among Web services applications. The protocol fosters integration of technology used to secure messages, including X.509 certificates and Kerberos.

Coupled with extensions such as WS-Policy, WS-Trust and WS-Secure Conversation, the specification allows more sophisticated and secure ways for Web services to interact.

The protocol's ratification comes a day after Bill Gates, chief software architect for Microsoft Corp., opened up the annual RSA Security Conference by pointing out that security cannot evolve to support a "trust ecosystem" without Web services and other standards.

Although Gates did not name any standards by name, WS-Security has emerged as one of those critical standards.

Research firm Gartner Inc. said WS-Security 1.1 will become a standard for the majority of Web services and that users should adopt it now to make it easier to update their Web services in the future.

WS-Security has been adopted by other standards bodies such as the Liberty Alliance, which incorporates it into their identity federation and by numerous vendors.

The list of those contributing to work on the WS-Security 1.1 specification includes Actional/Progress Software, Adobe, AmberPoint, BEA Systems, BMC Software, Computer Associates, EMC, Forum Systems, Fujitsu, HP, Hitachi, IBM, Intel, Microsoft, Neustar, Nokia, Oracle, Reactivity, RSA Security, SAP, Sun, Tibco and VeriSign.

Reprinted with permission from

For more information about enterprise networking, go to NetworkWorld.com
Story copyright 2008 Network World, Inc. All rights reserved.

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"I had a chuckle when I read Gregg Keizer's article "..." Read more... Read more Security posts or See all Blogs

'Experimental' security fix is malware, Microsoft says Tough economic climate can heighten insider threat Top security suites fail exploit tests More top stories...

16 e-mail and instant messaging boosters Microsoft readies first attack forecast NASA follows Mars successes with plans for $2B super rover

Q&A: E-voting security results 'awful,' says Ohio secretary of state How bad? 'I thought I was going to throw up,' Jennifer Brunner recalls. IT's biggest project failures -- and what we can learn from them Think your project's off track and over budget? Learn a lesson or two from these infamous project flameouts. Sprint's 4G Xohm WiMax: How fast is it? In our hands-on testing, the new Xohm WiMax network from Sprint was fast and smooth -- but for now, you have to be in Baltimore to get it. Accused Palin hacker has a history of intrusion College student David Kernell allegedly broke into a middle school server eight years ago, according to a former teacher. Windows Vista A to Z Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS. More Continuing Coverage After 9/11: Homeland Security Apple's iPhone Ask a Premier 100 IT Leader Bill Gates steps down BlackBerry Legal Battle Data Security Breaches Electronic Voting Firefox H-1B Visas HP's Boardroom Scandal Handheld Devices Hurricane Katrina Aftermath Microsoft Legal Issues Microsoft's Vista Open Source RFID Technology SCO's Linux Fight Sarbanes-Oxley Act Spam Voice Over IP Wi-Fi Windows Meta File Vulnerability Windows XP Service Pack 3 IT Careers 2010 Four years from now, the IT field will be a vastly different place. Will you be ready? More Special Reports Premier 100 IT Leaders 2007 Best in Class 2006 Computerworld Horizon Awards 2006 Premier 100 IT Leaders 2006 Salary Survey 2007 Best Places to Work in IT 2007 IT Forecast 2007 Premier 100 IT Leaders 40 Years of Computerworld ASPs, Take Two Best Places to Work in IT 2003 Best Places to Work in IT 2004 Best Places to Work in IT 2005 Best Places to Work in IT 2006 Business Intelligence Home Runs Business Intelligence: Smarter BI Business Intelligence: The Future of BI CRM Goes Vertical CRM: Sober CRM Career Planning Guide 2005 Careers: IT Profession 2010 Computerworld Horizon Awards 2005 Data Management: Mining for Gems Data Management: Taming Data Chaos Development: Hard-Workin' Web Sites Development: New Tools New Choices Development: The New World of Application Development Development: The Web Services Tsunami Development: Web Services Hurdles Disaster Recovery: Preparing for the Worst E-commerce Grows Up E-mail/Groupware: Big Decisions Faces of Mobile IT Forecast 2006 Global Mobile Hardware: Multiple Cores, Multiple Challenges Hardware: On-Demand Un-Hyped Hardware: The Shape of Things to Come Horizon Awards: 10 Cool Cutting Edge Technologies IT Management: Guide to Managing Vendors IT Management: Navigating Global IT IT Management: Recovery Ahead IT Management: The Future of IT IT Management: The Resourceful Project Manager Innovative Technology Awards 2004 Management: Reinventing IT Microsoft in Transition Mobile/Wireless Leaders and Laggards Mobile/Wireless: The Untethered Worker Mobile/Wireless: Tiny Gadgets, Huge Costs Network Management: Taking Control Networking: Turbulence Ahead! Networking: VoIP Goes Mainstream Operating Systems: In the Slow Lane Operating Systems: Linux Goes Global Operating Systems: Should You Nix Unix? Outsourcing: Offshore Buyer's Guide Outsourcing: Outsourcing Dangers Premier 100 IT Leaders 2004 Best in Class Premier 100 IT Leaders 2005 Best in Class ROI: Do the Math! Salary Survey 2003 Salary Survey 2004 Salary Survey 2005 Security Action Plan Security: Compliance Headaches Security: Proactive Security Security: Risk and Reward Security: Tips From Security Pros Souped-up Security Storage: Battling Complexity Storage: Cheap & Secure Data Stores Storage: Stretching Your Storage Dollars Storage: The Lean Storage Machine Storage: The New Rules of Storage Storage: The Ultimate Backup Guide Supply Chain: Missing Links Supply Chain: RFID Reality Check The Business of Security Web 2.0 Security Wireless: Wireless At Work All Zones Application Performance Zone Business Continuity Zone The File Data Management Zone Security Management Zone The SAS Zone Business Intelligence and Analytics Zone Windows Protection Zone The Enterprise Search Zone Software as a Service Zone The Security Zone See your link here

Sold on SOA (Source: Computerworld) It's the hot technology for most large companies, but business, technical and cultural issues must be addressed for a successful SOA implementation. Get the whole story, from the big picture to the how-to-do-it details, in this Executive Bulletin. Download this Executive Bulletin (a $49.95 value) for Free, compliments of Fujitsu. Download this executive briefing  Advances in SSL and Certificate Management Advances in SSL and Certificate Management View this webcast now! Go to the webcast  Driving Business Success Through Workgroup Choice and Flexibility Download this white paper compliments of Novell! (Source: Novell) The structure of your workgroup environment plays a vital role in enabling your knowledge workers to be productive and collaborate securely. And IT choice and flexibility can mean the difference between reactive spending and proactive investment. Boost your competitive advantage with a workgroup infrastructure that lets you deliver the tools and services that are right for you. Download this white paper to learn how Novell offers a variety of solutions that give you the flexibility to address critical business initiatives and workforce productivity. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. LIVEWIRE™: Full-Server Protecting and Recovery in Real-Time Eliminate Tape Restores with TimeData CDP Protecting Sharepoint with Double-Take for Windows 5.0 View more whitepapers

• 'Experimental' security fix is malware, Microsoft says
• 16 e-mail and instant messaging boosters
• Tough economic climate can heighten insider threat
• More top stories 

"Turning information into a Competitive Advantage" Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage. View this webcast now!  See more Webcasts