The Web Services Interoperability Organization (WS-I) has unveiled the WS-I Basic Security Profile Working Group Draft, an early version of what is intended to be a guide for use of standards in the development of interoperable web services.
Feedback is sought on the proposal. WS-I intends to finalise the security profile by late summer or early autumn.
The profile focuses on interoperability and addresses transport security, Soap messaging security, and other security considerations for the WS-I Basic Profile 1.0 and 1.1, Attachments Profile 1.0, and Simple Soap Binding Profile 1.0. The security profile references specifications such as Oasis Web Services Security 1.0.
The profile also focuses on interoperability characteristics of HTTP over TLS (Transport Layer Security) and Web Services Security: Soap Message Security. X.509 certificate technology also is incorporated into the profile. Plans call for adding Kerberos technology. SAML and XRML technologies may be featured.
WS-I members include IBM, Microsoft, SAP and Sun Microsystems.
Paul Krill writes for infoWorld