The Organization of for the Advancement of Structured Information Standards (OASIS) today approved the Web Services...
April 19, 2004
The Organization of for the Advancement of Structured Information Standards (OASIS) today approved the Web Services Security (WSS) version 1.0 as a standard.
OASIS is a consortium that drives the development, convergence, and adoption of e-business standards. Members include IBM, HP, Hitachi, Microsoft, Sun Microsystems and Fujitsu.
WSS offers a trusted means for applying security to Web services by providing the necessary technical foundation for higher-level services.
"Enterprises should adopt WSS formatting for all across-the-firewall Web service deployments, even in cases where no security needs have been identified," said Ray Wagner, an analyst with Gartner consulting firm.
"We believe that WSS will be the standard for the majority of Web services, and committing to it now will allow enterprises to easily modify the security profile of deployed Web services in the future.”
WSS builds upon existing security technologies such as XML Digital Signature, XML Encryption and X.509 Certificates to deliver an industry standard way of securing Web Services message exchanges.
Providing a framework within which authentication and authorization take place, WSS allows organizations to apply existing security technology and infrastructure in a Web Services environment.
It also handles complex confidentiality and integrity for SOAP (Simple Object Access Protocol) messages, providing a general-purpose mechanism for associating security tokens with message content.