OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

tc-announce message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: WSS specification submitted for OASIS Standard


OASIS members:

The OASIS Web Services Security TC (WSS TC) has submitted the Web 
Services Security v1.0 specification, which is an approved Committee 
Draft, for review and consideration for approval by OASIS members to 
become an OASIS Standard. The TC's submission is attached below.

In accordance with the OASIS Technical Process, the specification has 
already gone through a 30 day public review period. OASIS members now 
have 15 days to familiarize themselves with the submission. By the 16th 
of the month I will send out a Call For Vote to the voting 
representative of each OASIS member organization, who will have until 
the end of the month to cast their ballots on whether this Committee 
Draft should be approved as an OASIS Standard. OASIS members should give 
their input on this question to the voting reps of their respective 
organizations.

The normative TC Process for approval of Committee Drafts as OASIS 
Standards is found at 
http://www.oasis-open.org/committees/process.php#standard

Please note that statements related to the IPR of this specification are 
posted at http://www.oasis-open.org/committees/wss/ipr.php

-Karl

=================================================================
Karl F. Best
Vice President, OASIS
office  +1 978.667.5115 x206     mobile +1 978.761.1648
karl.best@oasis-open.org      http://www.oasis-open.org




1. A formal specification that is a valid member of its type, together 
with appropriate documentation for the specification, both of which must 
be written using approved OASIS templates.

http://www.oasis-open.org/committees/download.php/5531/oasis-200401-wss-soap-message-security-1.0.pdf
http://www.oasis-open.org/committees/download.php/5532/oasis-200401-wss-username-token-profile-1.0.pdf
http://www.oasis-open.org/committees/download.php/5533/oasis-200401-wss-x509-token-profile-1.0.pdf
http://www.oasis-open.org/committees/download.php/5076/oasis-200401-wss-wssecurity-secext-1.0.xsd.xsd 

http://www.oasis-open.org/committees/download.php/5075/oasis-200401-wss-wssecurity-utility-1.0.xsd.xsd 



2. A clear English-language summary of the specification.

The documents comprising the Web Services Security v1.0 specification 
are as follows:

Web Services Security: SOAP Message Security (WS-Security)
http://www.oasis-open.org/committees/download.php/5531/oasis-200401-wss-soap-message-security-1.0.pdf 


Web Services Security: Username Token Profile
http://www.oasis-open.org/committees/download.php/5532/oasis-200401-wss-username-token-profile-1.0.pdf 


Web Services Security: X.509 Certificate Token Profile
http://www.oasis-open.org/committees/download.php/5533/oasis-200401-wss-x509-token-profile-1.0.pdf 


Two XML schema documents, secext.xsd and utility.xsd
http://www.oasis-open.org/committees/download.php/5076/oasis-200401-wss-wssecurity-secext-1.0.xsd.xsd 

http://www.oasis-open.org/committees/download.php/5075/oasis-200401-wss-wssecurity-utility-1.0.xsd.xsd

The Web Services Security specification describes a set of extensions to 
SOAP that allow message level security to be added to Web Services 
message exchanges. The two profile documents describe mechanisms for 
using WS-Security to carry Username/Password and X.509 certificate level 
detail within these messages. The two schema documents provide the 
formal XML definition of the extensions to the SOAP schema that 
WS-Security introduces.


3. A statement regarding the relationship of this specification to 
similar work of other OASIS TCs or other standards developing organizations.

This work builds upon work done in W3C in the areas of XML Digital 
Signature (DSIG) and XML Digital Encryption. The specification describes 
how to include security content (signatures and cipher text etc.) within 
a SOAP message header and body. As such, this spec, both utilizes and 
complements the SOAP work done by the XMLP WG at W3C. Further, the WSS 
specification and its profiles describe how to utilize X.509 
certificates within SOAP messages. X.509 (and X.500) are of course well 
known public specifications. Further profiles (yet to be finished) will 
describe how WS-Security can be used in conjunction with Kerberos, SAML, 
XrML and other security technologies that have been or are being 
developed at OASIS and elsewhere. Links to these related technologies 
are included in the specifications that we are delivering for easy cross 
reference by the reader.


4. Certification by at least three OASIS member organizations that they 
are successfully using the specification consistently with the OASIS IPR 
Policy.

The chairs have received statements from the following TC member 
organizations. We include below the submitted text (for ease of reading) 
and also pointers to the e-mail archive record of the statements made.

Argonne National Laboratory
http://lists.oasis-open.org/archives/wss/200402/msg00028.html

BEA Systems
http://lists.oasis-open.org/archives/wss/200402/msg00022.html

CommerceOne
http://lists.oasis-open.org/archives/wss/200402/msg00027.html

IBM
http://lists.oasis-open.org/archives/wss/200402/msg00023.html

Microsoft
http://lists.oasis-open.org/archives/wss/200402/msg00029.html

OpenNetwork
http://lists.oasis-open.org/archives/wss/200402/msg00024.html

Reactivity
http://lists.oasis-open.org/archives/wss/200402/msg00026.html

Systinet
http://lists.oasis-open.org/archives/wss/200402/msg00025.html


5. An account of each of the comments/issues raised during the public 
review period, along with its resolution.

http://lists.oasis-open.org/archives/wss/200401/msg00157.html
http://lists.oasis-open.org/archives/wss/200311/msg00044.html


6. An account of and results of the voting to approve the approve the 
specification as a Committee Draft.

http://www.oasis-open.org/apps/org/workgroup/wss/ballot.php?id=323&;
http://www.oasis-open.org/apps/org/workgroup/wss/ballot.php?id=324&;


7. An account of or pointer to votes and comments received in any 
earlier attempts to standardize substantially the same specification, 
together with the originating TC's response to each comment.

This specification has not been previously submitted to OASIS.


8. A pointer to the publicly visible comments archive for the originating TC

http://lists.oasis-open.org/archives/wss-comment/


9. A statement from the chair of the TC certifying that all members of 
the TC have been provided with a copy of the OASIS IPR Policy.

The TC chairs certify that all members have been reminded to read the 
IPR statement on numerous occasions and also in e-mail such as at 
http://lists.oasis-open.org/archives/wss/200401/msg00100.html and at 
http://lists.oasis-open.org/archives/wss/200401/msg00164.html


10. Optionally, a pointer to any minority reports submitted by one or 
more TC members who did not vote in favor of approving the Committee 
Draft, or certification by the chair that no minority reports exist.

No minority reports have been submitted to the chairs as of this 
writing. Two comments were registered using the ballot tool during the 
Committee Draft vote. Several comments were recorded using the ballot 
tool during the ballot to advance the specification to OASIS. Please see 
http://www.oasis-open.org/apps/org/workgroup/wss/ballot.php?id=323&;
and http://www.oasis-open.org/apps/org/workgroup/wss/ballot.php?id=324&;


Submitted by the TC co-chairs, Kelvin Lawrence, klawrenc@us.ibm.com, and
Chris Kaler, ckaler@microsoft.com.




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]