WS-Security, a widely supported proposal for securing web services, could become an official Oasis standard by March.
Next month, Oasis anticipates a full-membership vote on the WS-Security specification, which is intended to provide critical security for web services. If approved during a 30-day voting period, WS-Security becomes an Oasis standard.
The Oasis web services security technical committee earlier this month approved a set of documents pertaining to the specification, which is officially referred to as Web Services Security: Soap Message Security 1.0. The specification describes enhancements to Soap messaging to provide for message integrity and confidentiality.
Related documents also approved included Username Token Profile, for using WS-Security for user names and passwords, and X.509 Certificate Token Profile, for using WS-Security to sign and encrypt messages via X.509 digital certificates, said Kelvin Lawrence, co-chairman of the Oasis committee and an IBM distinguished engineer. Also approved were documents pertaining to XML Schema and XML extensions pertinent to WS-Security.
"This is a major milestone, but it's not the final milestone," said Lawrence.
IBM uses WS-Security in its WebSphere platform and will update its implementation to conform to the final specification when approved.
WS-Security was first published by IBM, Microsoft and VeriSign in 2002.
Paul Krill writes for infoWorld