A report by the Web Services Interoperability (WS-I) organisation has identified potential security threats to web services and offered solutions for them.
A WS-I representatives explained that the report - Security Scenarios Working Group Draft - was created by profiling what the Oasis web services security (WSS) technical committee has released in the form of security specifications.
Rich Salz, chief security architect for DataPower and a member of the WS-I Basic Security Profile Working Group, said the purpose of the draft was to narrow down the wide set of recommendations set forth in the various Oasis-approved specifications into a document that serves the needs of the WS-I membership.
The draft identifies potential threats and outlines countermeasures based on common scenarios for those architecting and deploying web services in their organisations. The group hopes to receive feedback on the document immediately.
The two-year-old group is also working to create a basic security profile that defines common ways to provide security in web services.
WS-I representatives said the profile will be available within four months.
WS-I has already issued a basic profile for deploying web services which consists of implementation guidelines on how web services specifications should be used to create interoperable web services.
The basic profile covers Soap 1.1, WSDL 1.1, UDDI 2.0, XML 1.0 and XML Schema specifications.
Written by InfoWorld staff