OASIS Polishing Security Specs for Web
Technical committees focusing on message protection
November 21, 2007
As the use of service-oriented architecture has risen in recent years, there has been a much greater focus on tightening the security of Web services.
Since Web services are message-driven, it is necessary to protect message contents. But absent a military-grade secure connection, something has to protect messages as they move through intermediaries. The Organization for the Advancement of Structured Information Standards (OASIS) has been developing a number of specifications to help secure message-driven Web services.
There are two active technical committees within the OASIS group dealing with Web services. One is the Web Services Secure Exchange, which manages the WS-Trust, WS-SecureConversation and WS-SecurityPolicy specifications. The other is WS-Federation, which only set up shop in June. The comparatively veteran Web Services Secure Exchange (WS-SX) was started in January 2006, to enable trusted SOAP message exchanges and to define security policies that govern the formats of such messages, and remains busy.
"We're going through a second set of revisions: things that we didn't have time to do in the first release, issues that had come up," said Anthony Nadalin, chief security architect of IBM and technical committee member of WS-SX.
Protecting the Message
WS-Trust was updated in March, and uses tokens to protect messages. It includes a protocol that tells how to get tokens or how to use them to protect messages.
WS-SecureConversation, also updated in March, is used in conjunction with other Web service and application-specific protocols to accommodate security models and technologies. It is built on top of WS-Security to provide secure communication between services.
WS-SecurityPolicy, updated in December 2006, describes policy languages that can be applied to messages. Such languages can protect the integrity of messages, and describe the protection mechanism of Web services. Vendors can then query that policy and determine if they can abide by that policy.
WS-Federation, meanwhile, is the newest spec to hit the OASIS drawing board. Building upon the three specs that make up WS-SX, WS-Federation is meant to help implement identity federation in a Web services environment. "As we get more and more collaborative, we need ways that people can be authenticated to another domain, without having to go through the actual provisioning of the user of that domain," Nadalin said. The whole concept behind federation is allowing other parties or Web sites to be able to accept credentials from another party.