TechTarget

Web services security spec closer to approval

WS-Security, a widely supported proposal for securing web services, could become an official Oasis standard by March.

WS-Security, a widely supported proposal for securing web services, could become an official Oasis standard by March.
 
Next month, Oasis anticipates a full-membership vote on the WS-Security specification, which is intended to provide critical security for web services. If approved during a 30-day voting period, WS-Security becomes an Oasis standard.

The Oasis web services security technical committee earlier this month approved a set of documents pertaining to the specification, which is officially referred to as Web Services Security: Soap Message Security 1.0. The specification describes enhancements to Soap messaging to provide for message integrity and confidentiality.

Related documents also approved included Username Token Profile, for using WS-Security for user names and passwords, and X.509 Certificate Token Profile, for using WS-Security to sign and encrypt messages via X.509 digital certificates, said Kelvin Lawrence, co-chairman of the Oasis committee and an IBM distinguished engineer. Also approved were documents pertaining to XML Schema and XML extensions pertinent to WS-Security.

"This is a major milestone, but it's not the final milestone," said Lawrence.

IBM uses WS-Security in its WebSphere platform and will update its implementation to conform to the final specification when approved.

WS-Security was first published by IBM, Microsoft and VeriSign in 2002.

Paul Krill writes for infoWorld

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close