[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [rights] [news] STANDARDS BODIES SEEK TO RECONCILE WEB SERVICESSECURITY
STANDARDS BODIES SEEK TO RECONCILE WEB SERVICES SECURITY By Shawna McAlearney Seeking common ground for the implementation of Web security standards, the Organization for the Advancement of Structured Information Standards (OASIS) and the World Wide Web Consortium (W3C) took a small step forward Monday to reconcile differences in integration and resource allocation. "We are looking at ways in which we can maximize the consistency across the standards," says Phillip Hallam-Baker, a Web services security architect at VeriSign. "The whole industry realizes the potential of Web services, but without trust and security Web services are dead on arrival." According to Hallam-Baker, the W3C and OASIS working groups are addressing different levels of security infrastructure and the specifications are complementary, rather than competitive. The key standards under W3C include XML Encryption, XML Signature and eXtensible Key Management Specification (XKMS). OASIS's key standards include eXtensible Rights Markup Language (XrML); WS-Security; Security Assertion Markup Language (SAML); and eXtensible Access Control Markup Language (XACML). "For example XKMS and SAML both define a mechanism for authenticating SOAP messages," says Hallam-Baker. "WS-Security is a level higher, encompassing our experience with XKMS and SAML and providing a framework for applying standards to authenticate and encrypt any type of Web services message. One specification takes off where the other ends." http://www.oasis-open.org/presentations/security.shtml | John S. Erickson, Ph.D. | Hewlett-Packard Laboratories | PO Box 1158, Norwich, Vermont USA 05055 | 802-649-1683 (vox) 802-371-9796 (cell) 802-649-1695 (fax) | john_erickson@hpl.hp.com AIM/YIM/MSN: olyerickson
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC