WS-I Publishes Basic Security Profile - WS-I BSP 1.0
April 9, 2007 // Published as a news service by IHS
| |
| Tools for Engineers |
IHS sells flexible standards collections and robust engineering software to maximize your workflow.
To learn more, and for a free quote, please complete the form below. |
|
The Web Services Interoperability Organization (WS-I) published the WS-I Basic Security Profile (BSP) 1.0 as final material for public access.
BSP 1.0 is an essential guide for ensuring secure, interoperable web services, said the WS-I. The WS-I BSP 1.0 builds on the work completed in WS-I's Basic Profile 1.1. BSP 1.0 is available from the WS-I web site at http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html.
The WS-I BSP is an interoperability profile that addresses transport security, Simple Object Access Protocol (SOAP) messaging security and other security considerations for WS-I's Basic Profile 1.1, Simple SOAP Binding Profile 1.0 and Attachments Profile 1.0, which are available in final form at www.ws-i.org/deliverables/index.aspx.
Specifically, the BSP1.0 focuses on the interoperability characteristics of two technologies: Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS) and Web Services Security: SOAP Message Security.
HTTP over TLS is a point-to-point technology that protects the confidentiality of all information that flows over an HTTP connection.
Web Services Security: SOAP Message Security provides security protection for SOAP messages and applies even when a message passes through several intermediary waypoints, allowing differing levels of protection for selected portions of a message. The BSP 1.0 describes a way to apply SOAP message security to attachments.
The BSP 1.0 also incorporates Web Services Security: Username Token Profile, Web Services Security: X.509 Certificate Token Profile, Web Services Security: Kerberos Token Profile, Web Services Security: Security Assertion Markup Language (SAML) Token Profile and Web Services Security: eXtensible Rule Markup Language (XRML) Token Profile.
"Publishing the WS-I Basic Security Profile 1.0 is a major step toward achieving WS-I's objective of advancing interoperability for secure web services," said Michael Bechauf, chairman and president of WS-I.
WS-I is an open industry organization whose members promote web services interoperability across platforms, operating systems and programming languages.
"An interoperability profile offers valuable guidance to product implementers and application developers regarding the interpretation of a specification," said Anne Thomas Manes, research director and vice president, Burton Group. "A specification typically supports a broad set of requirements and offers a variety of options and approaches, but these options can lead to misinterpretation and result in interoperability challenges. An interoperability profile constrains the options and makes communication easier."
The WS-I Board approved BSP 1.0 after receiving confirmation that five members demonstrated interoperability. Following board approval, the document was submitted to WS-I's membership who voted to approve BSP 1.0.
Source: Web Services Interoperability Organization (WS-I).